Pages

8 May 2014

WE’RE SAVED! EXPERTS SHOW HOW TO FIX U.S. CYBER SECURITY

May 6, 2014 · by Fortuna's Corner 
We’re Saved! Experts Show How To Fix U.S. Cyber Security

Patrick Tucker, Technology Director for DefenseOne.com, and author of “The Naked Future: What Happens In A World That Anticipates You’re Every Move?,” had an online article May 4, 2014 in DefenseOne.com, with the title above. He writes that “350 members of the Truman National Security Project, ran a massive simulation last weekend — to see if the U.S. was capable of passing legislation to fix the nation’s cyber vulnerabilities — in the aftermath of a national crisis.”

After simulating a cyber attack against two electrical power generators in Coral Gables and St. Augustine Florida, the members of the Truman National Security Project war-gammed how Capital Hill and the POTUS might respond to such an event. Mr. Tucker notes that “the exercise represented something of a first in size and scope for legislative simulations, with players drawn from the Hill, cyber security field, and the military. In theory,” he writes, “the exercise showed that the POTUS and Congress are capable of passing a cyber security bill with mandatory standards for the industry.”

Matt Rhoades, Director of Cyber Space and Security Program at Truman; and, the designer of the exercise, “described it as an acid test to reveal the effectiveness (or not) of the White House’s recent Cyber Security Framework,” released this past February. Mr., Tucker adds that “the framework is a set of practices and guidelines for utility companies, software designers, and cyber security players to protect the nation’s critical infrastructure from [catastrophic] attack.”

“I have felt for a long time…that it’s unlikely that we will get much policy movement in the cyber area, without a crisis,” Rhoades told DefenseOne. “So, that leads me to two questions. One is, what is our threshold in terms of what sort of crisis actually spurs that on? The second one is, if we are actually making decisions at the time of a crisis, are we making good decisions, or bad decisions — are we making decisions that we are better off making at a more sober time — than at the time of the crisis?”

“How did the game play out?”, asks Mr. Tucker. “A simulated House and Senate were barely able to pass a bill with mandatory provisions for industry to follow to improve cyber security. But, this outcome was no liberal pipe dream,” he adds. “The White House had to carve out a role for industry via a public-private working group consisting of the Department of Homeland Security, a council of industry players and others.” “Republicans were willing to accept the mandatory standards because they felt the industry had more of a role…it was important to have industry at the table as part of the legislative process that was ongoing,” said Rhoades.

Andrew Borene, an advisor at the Center for National Policy’s cyber space and security program, who played the part of the POTUS in the simulation, told DefenseOne, “This weekend’s cyber security war-game is not about naval-gazing on tactics, crafting talking points, or looking at capabilities. It’s about taking a group of real-world leaders and acid-testing our nation’s cyber security and legal framework — before a real crisis occurs.”


Mr. Tucker concludes, “though the simulation was staged, the problem it sought to address is very real. Recent research from U.S. researchers find 25 vulnerabilities in SCADA systems revealed that as many as 25 security problems in the supervisory and control and data acquisition, or SCADA, systems that connect to many of the nation’s water, power, and other critical infrastructure assets.”


We need more of these kind of efforts — especially with a mid-term election coming this November; and, the potential for many new members of Congress as well as new Committee Chairman assuming new positions. It would be useful to have some war-gammed cyber security ideas on the table and ready for consideration — if indeed, we have to wait for a cyber crisis to happen — before we have the political will and industry buy-in to address these looming gaps in our critical infrastructure. V/R, RCP

No comments:

Post a Comment