The Department of Homeland Security’s new Cybersecurity and Infrastructure Security Agency, known as CISA, is charged with coordinating the protection of America’s critical infrastructure from cyber as well as physical attacks. Director Christopher Krebs recently released the agency’s top operational priorities. CISA, which was created in November 2018, will initially tackle supply chain risks, election security and industrial control system security, among other measures, according to the document, Cybersecurity and Infrastructure Security Agency: Strategic Intent.
The water and wastewater treatment industry is facing cybersecurity threats. The risks affect the sector disproportionately compared to other utilities, given local-level water processing operations.
Along with physically securing its critical infrastructure, the water industry has to leverage available tools to protect against cyber attacks, an expert says.
The growing interconnection among the elements of the critical infrastructure may hold the key to safeguarding it against an increasingly sophisticated threat picture. Many elements of the critical infrastructure depend on each other, and securing them in a coordinated endeavor holds promise for combatting adversaries who are targeting it on a daily basis.
A 2018 exercise developed by the Army Cyber Institute at West Point and hosted by the city of Houston provided participants with a full view of potential critical infrastructure crises while also offering a path to security and resiliency. Known as the Jack Voltaic 2.0 Cyber Research Project, the exercise exposed critical infrastructure issues to 200 participants from 44 organizations.
Officials with the U.S. Defense Department and Department of Homeland Security recently signed a memorandum of understanding outlining a partnership that will allow the Defense Department to take a greater role in sharing intelligence and proactively defending the nation’s critical infrastructure, including next week’s mid-term election.
The Defense Department’s unique role in assessing foreign threats means that it often has information that could benefit the other departments and agencies, the defense industrial base and others with a role in defending the nation’s critical infrastructure.
The Defense Information Systems Agency, or DISA, is applying both traditional and innovative infrastructure protection methods to its worldwide networking for U.S. defense installations. In some cases, conventional methods can hold services together. But in others, especially with cross-border telecommunications, DISA must secure its commercial connectivity without the benefit of the authorities inherent in a host country agency.
New ways of commercial networking widen the threat picture. Variety is the spice of vulnerability as networks evolve with innovative approaches. Having the right information for a network architecture is vital to moving information across global ranges, according to DISA officials.
President Donald Trump’s recent call for a U.S. Space Force that would potentially be on par with the Army, Navy, Marine Corps, Air Force and Coast Guard shows a renewed recognition of the importance of space. This presidential proclamation has been met with varying responses. Regardless of one’s position on the topic, it begs for a discussion that is long overdue. The Commission to Assess U.S. National Security Space Management and Organization, often referred to as the Rumsfeld Commission, put into place more than 17 years ago a solid set of findings and recommendations on national space policy. Some of the recommendations have been adopted, while others have fallen by the wayside for a variety of reasons.
U.S. Secretary of Energy Rick Perry today announced a request for proposals potentially worth up to $1.8 billion for the development of at least two new exascale supercomputers, to be deployed at U.S. Department of Energy (DOE) National Laboratories in the 2021-2023 timeframe. Among other benefits, the systems will help nuclear security, a major piece of the nation’s critical infrastructure.
Within the next 12 months, a fledgling program at the U.S. Department of Homeland Security will likely begin transitioning cybersecurity technologies to the finance sector in an effort to shore up the nation’s critical infrastructure. Technologies developed under the program ultimately could be made available to other sectors.
The U.S. infrastructure increasingly shows signs of aging, posing a threat to essential services. These conditions put the United States at a crossroads. Governments at all levels, working with the private sector, can either design the infrastructure of the future—one that will intelligently support community services and resident needs for decades to come—or continue to apply just-in-time repairs to the strained system.
The United States cannot adequately secure its entire critical infrastructure. The infrastructure is too broad and complex. Much of it consists of highly vulnerable legacy software running older supervisory control and data acquisition (SCADA) systems. But the nation can take steps to address vulnerabilities in key areas and mitigate losses in others.
Europe is taking on several socio-technological initiatives, including developing a digital single market and tackling consumer financial services reform. Add the need to balance privacy concerns and safeguards across 28 member countries of the European Union, and it may seem like a tall order for policy makers to help strengthen information security.
Enter the European Union Agency for Network and Information Security, the European Union’s cybersecurity agency known as ENISA. The agency, founded in 2004, equips the European Union (EU) to prevent, detect and respond to cybersecurity problems.
Although universities can be part of larger cyber attacks as unwitting victims like any other organization or enterprise, the institutions are distinguished by a collegial nature that renders them vulnerable. Academia has a more open atmosphere and a mindset of research and collaboration, making universities an enticing cyber target even for adversaries such as nation-states
A new project headed by Lawrence Livermore National Laboratory aims to use microgrid resources to boost the electric grid’s ability to bounce back more rapidly from blackouts or cascading outages, such as those following major storms or earthquakes.
In less than three years, researchers will attempt to demonstrate the potential of distributed energy resources, including the energy produced by solar panels on homes, to help restore power to the grid from scratch, an effort commonly known as a black start. The black start process is now done manually using special generators that can provide power to slowly bring other generators back online.
On September 29, 2017, 3e Technologies International Incorporated, Rockville, Maryland, was awarded a $16,163,099 modification to a previously awarded cost-plus-fixed-fee, firm-fixed-price contract (N00174-16-C-0046) to exercise option year one for continued implementation of a facilities critical infrastructure control and monitoring system interface to the Navy Virtual Perimeter Monitoring System that will allow for monitoring and control of critical facility infrastructure for potential operating hazards or intrusions.
With the Internet of Things promising—or perhaps threatening—to connect many more millions of devices, experts from industry, government and the military are urging action.
The critical infrastructure covers a lot of territory, including banking and finance, gas and oil, health care, agriculture, water distribution, transportation, communication, law enforcement and emergency services. Many outdated and poorly secured computers, experts say, operate a great deal of that infrastructure. Additionally, commercial or private entities own the vast majority of the infrastructure, meaning that government has little authority to protect it.
The U.S. federal government has not yet told state-level election officials whether their election systems were hacked by the Russians.
— George Seffers (@gseffers) September 7, 2017
A cyber strike may not be the most effective deterrent against adversaries, Tom Bossert, assistant to the president for homeland security and counterterrorism, National Security Council, told the audience at the 2017 Intelligence and National Security Summit in Washington, D.C.
If a “bad actor” is engaging in increasingly unacceptable behavior, he said, “I think what we’ll have to do is punch him in a way that’s real-world and not cyber-world.” Deterrent actions will be “commensurate with the expense” and also will be done in such a way that it will not “create a long-term escalatory posture.”
The U.S. government is expanding and enhancing training on how to protect the nation’s critical infrastructure from both cyber and physical attacks.
For more than a decade, the U.S. Department of Homeland Security (DHS) has offered a wide array of free training programs to government and private-sector infrastructure owners and operators. Critical infrastructure provides the essential services that underpin American society and serves as the backbone of the nation’s economy, security and health. It includes defense, transportation, finance, communications and other sectors.
Now that Donald Trump has become the 45th president of the United States, he will be exposed to the nation’s soft underbelly: cybersecurity. Given rapid advancements in information and communication technologies, continued coupling of the digital domain with the physical world and advanced persistent threats, critical infrastructure protection poses a major challenge for the United States.
This is where the president should focus his efforts. But is either the Department of Homeland Security or the Defense Department the right agency for cyber protection?