The recently signed executive order on cybersecurity and the presidential directive on critical infrastructure protection are not separate documents. In fact, they are part of the same overall effort to protect the nation, said Rand Beers, undersecretary for the National Protection and Programs Directorate, U.S. Department of Homeland Security. Beers discussed the effort on Thursday at the AFCEA Homeland Security Conference in Washington, D.C.
The two documents are “part and parcel of a whole of government and whole of society concept. The executive order is focused on cybersecurity, but the presidential policy directive takes the cybersecurity element and places it within the broader context of critical infrastructure protection in the sense that cyber and physical critical infrastructure are linked to one another,” Beers said. He added that a cyber attack that shuts down the electric grid could shut off access to water and to communications, which could affect the economy. “I’m not here to suggest cyber Armageddon is about to happen, but we have enough of a warning to understand that concerns about cybersecurity are not being overhyped.”
Beers revealed that the government is working to identify critical cyber nodes within the country, just as it has inventoried physical facilities that make up the nation’s critical infrastructure.
He added that the administration would still like Congress to pass cyber legislation. “We would still very much prefer legislation. We need to incentivize the private sector to take on the needed best practices,” Beers said. He suggested that legislation should include a safe harbor element providing liability protection to those in the private sector who adopt best practices but still suffer outages during a catastrophic event.