27 August 2017

Report: Critical infrastructure under risk of ‘9/11-level cyber attack’

By: Mark Pomerleau

A successful cyberattack on the nation’s critical infrastructure has long been considered a looming and catastrophic threat. It’s not difficult to imagine what such an attack would look like given Ukraine has served as a test case of sorts following an attack on its grid, which has been attributed to Russian cyber actors.

A draft report by the U.S. president’s National Infrastructure Advisory Council, or NAIC, assesses that: “The time to act is now. As a Nation, we need to move past simply studying our cybersecurity challenges and begin taking meaningful steps to improve our cybersecurity to prevent a major debilitating cyber attack.”

The report, “Securing Cyber Assets, Addressing Urgent Cyber Threats to Critical Infrastructure,” offers nearly a dozen recommendations for key government stakeholders to prevent “a watershed, 9/11-level cyber attack.”

They include the establishment of a separate, secure communications network for the most critical networks; a private sector-led pilot of machine-to-machine information sharing technologies; strengthening the capabilities of the cyber workforce; and establishment of protocols to declassify cyberthreat information to be shared with infrastructure owners and operators.

The NIAC, which is made up of senior executives from industry as well as state and local government that own the critical infrastructure, noted in its draft report that a review of hundreds of studies and interviews “revealed an echo chamber, loudly reverberating what needs to be done to secure critical U.S. infrastructure against aggressive and targeted cyber attacks.”

Among key stakeholders, the report listed the Department of Energy, the Department of Homeland Security, the Office of the Director of National Intelligence, the Strategic Infrastructure Coordinating Council, the National Security Council and Congress.

Despite several government stakeholders listed, a common refrain when discussing critical infrastructure is that the majority of it is owned and operated by the private sector.

“Cyber is the sole arena where private companies are the front line of defense in a nation-state attack on U.S. infrastructure,” the report said. “When a cyber attack can deliver the same damage or consequences as a kinetic attack, it requires national leadership and close coordination of our collective resources, capabilities, and authorities.”

No comments: