OPINION / Bolstering the nation’s cyber-security

By Brian Ahern  

If you haven’t yet had a chance to check out the recent 60 Minutes piece, “Sabotaging the System,” I highly recommend that you take a look.

As a homeland security professional, you might still encounter a couple of facts that you weren’t previously aware of. More importantly, Steve Kroft and his producer, Graham Messick, do a credible job of educating the American public on the very real threat a cyber-security attack on a critical infrastructure system could pose to the United States.

Unfortunately, one fact that failed to emerge in the broadcast is that currently 85 percent of our nation’s critical infrastructure systems are owned and operated by the private sector.

What are the ramifications of this fact? Essentially, if President Obama wants to truly make progress in the cyber-security realm, his administration needs to encourage partnerships between the private and public sectors that will ultimately provide incentives (in addition to the current penalties) for these private stakeholders. Translation: these owners have been hit with the stick and now we need to provide them with a carrot as well.

The first step in extending said carrot? Real-time information and situational awareness is a fundamental cyber-combat strategy where, ideally, the public and private sectors can work together to achieve realistic collaboration. As owners and operators, the private sector is actually in the best position to be the first step in escalating vulnerabilities and incidences to the federal government for wide-spread information sharing with all other critical infrastructure owners and operators.

In turn, through their various national intelligence channels, the federal government is also an important identifier of potential cyber-security threats that can then be communicated downstream to the private sector. Ideally, with these two sectors working together, the achieved end result is bidirectional situational awareness.  

Additionally, through my work with Washington legislators as well as NERC, FERC, and the DOE, in the past I’ve also advocated for the need for Safe Harbor protection for private stakeholders. Today, I continue to believe that Safe Harbor protection provides an important lynchpin in the process toward ultimate private / public sector collaboration and cooperation.

By granting Safe Harbor protection, in short order private sector owners would be granted a degree of “disclosure protection” when sharing vulnerabilities and incidences with the federal government. As it stands today, the public relations concerns associated with unprotected disclosure significantly limit the open dialogue of vulnerabilities and incidences between these two sectors.

That said, the 60 Minutes broadcast caps a year where increased public awareness has been coupled with a renewed sense of urgency around this topic in Washington, both on the part of Congress as well as the within the government agencies, including FERC, NERC, the DOE and the DHS.