Pages

5 October 2023

President's Commentary: China, Russia and the Urgency for Global Infrastructure Protection

LT. GEN. SUSAN S. LAWRENCE, USA (RET.)

Russian and Chinese aggression drive home the point: democracies need to work together to protect their critical infrastructures.

In May, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency and FBI, along with security agencies in Australia, Canada, New Zealand and the United Kingdom, issued a joint warning that China’s state-sponsored hacking group, Volt Typhoon, might be preparing a cyber attack against critical infrastructure systems. China responded with its usual tactic of denial, lies and propaganda.

Russia has been particularly brutal in its attacks against critical infrastructure targets in Ukraine, blocking grain shipments and bombing energy facilities, for example. Amnesty International in 2022 said that “the Russian army clearly intends to undermine industrial production, disrupt transportation, sow fear and despair and deprive civilians in Ukraine of heat, electricity and water as the cold grip of winter approaches.” And Poland recently felt the need to create a special forces combat team to protect its own critical infrastructure from Russia.

Many nations recognized the need for cybersecurity cooperation before the term “critical infrastructure” even gained popularity. The Forum of Incident Response and Security Teams (FIRST) came about because of a 1988 security incident known as the “Internet worm” that brought much of the then-young internet to its knees. According to the FIRST website, the reaction to the worm was “isolated and uncoordinated, resulting in much-duplicated effort, and in conflicting solutions.”

The number of incident response teams grew rapidly, each with its own purpose, funding, reporting requirements and constituency, FIRST explains. The interaction between these teams experienced difficulties due to differences in languages, time zones and international standards or conventions. FIRST was formed in 1990 and now boasts 687 teams across 106 countries.

In the United States, critical infrastructure protection gained focus in 1998 with the creation of the Critical Infrastructure Assurance Office (CIAO). Following the September 11 terrorist attacks on New York’s Twin Towers and the Pentagon, that office became a part of the new Department of Homeland Security, and eventually, CISA adopted CIAO’s mission.

Now, we witness the rise of fifth-generation cellular, artificial intelligence, quantum computing, the Internet of Things, smart devices and smart cities. As a result, the world is growing more connected at an astounding pace. While these technologies offer great promise, those rapidly growing global connections also present a degree of cyber peril.

U.S. inter-agency partnerships and international cooperation have—thankfully—become more the norm than the exception. That trend must continue. With an eye toward the future, we should strive for fully integrated operations between private and public agencies, organizations and perhaps even select allies.

Fortunately, like-minded nations recognize the need and are forging ever-stronger bonds to protect their own—and each other’s essential systems. For example, the new U.S. National Cybersecurity Strategy stresses the need for enhanced international cooperation. Additionally, the Cyber Incident Reporting for Critical Infrastructure Act 2022, or CIRCIA, will enhance CISA’s ability to gather and share threat information. And last year’s Quad Leaders’ Tokyo Summit involving Australia, India, Japan and the United States resulted in an agreement to improve maritime domain awareness across the Indo-Pacific region.

Moreover, in June of 2022, the Homeland Security Department’s Science and Technology Directorate and the Israel National Cyber Directorate initiated the Israel-U.S. Binational Industrial Research and Development (BIRD) cyber program to enhance the cyber resilience of critical infrastructure in both countries.

Like links in a chain, every country is stronger when the others hold. Conversely, each country is only as strong as the weakest link in the global cybersecurity chain. When critical infrastructure systems in the United States are secure, our allies are more secure. And when their defenses are strong, our own systems are better armored.

We must continue forging relationships across agencies, borders, oceans, cultures and languages and aid one another in this essential mission of securing the critical infrastructure for all.

No comments:

Post a Comment