April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
OPINION / Bolstering the nation’s cyber-security
By Brian Ahern
If you haven’t yet had a chance to check out the recent 60 Minutes piece, “Sabotaging the System,” I highly recommend that you take a look.
As a homeland security professional, you might still encounter a couple of facts that you weren’t previously aware of. More importantly, Steve Kroft and his producer, Graham Messick, do a credible job of educating the American public on the very real threat a cyber-security attack on a critical infrastructure system could pose to the United States.
Unfortunately, one fact that failed to emerge in the broadcast is that currently 85 percent of our nation’s critical infrastructure systems are owned and operated by the private sector.
What are the ramifications of this fact? Essentially, if President Obama wants to truly make progress in the cyber-security realm, his administration needs to encourage partnerships between the private and public sectors that will ultimately provide incentives (in addition to the current penalties) for these private stakeholders. Translation: these owners have been hit with the stick and now we need to provide them with a carrot as well.
The first step in extending said carrot? Real-time information and situational awareness is a fundamental cyber-combat strategy where, ideally, the public and private sectors can work together to achieve realistic collaboration. As owners and operators, the private sector is actually in the best position to be the first step in escalating vulnerabilities and incidences to the federal government for wide-spread information sharing with all other critical infrastructure owners and operators.
In turn, through their various national intelligence channels, the federal government is also an important identifier of potential cyber-security threats that can then be communicated downstream to the private sector. Ideally, with these two sectors working together, the achieved end result is bidirectional situational awareness.
Additionally, through my work with Washington legislators as well as NERC, FERC, and the DOE, in the past I’ve also advocated for the need for Safe Harbor protection for private stakeholders. Today, I continue to believe that Safe Harbor protection provides an important lynchpin in the process toward ultimate private / public sector collaboration and cooperation.
By granting Safe Harbor protection, in short order private sector owners would be granted a degree of “disclosure protection” when sharing vulnerabilities and incidences with the federal government. As it stands today, the public relations concerns associated with unprotected disclosure significantly limit the open dialogue of vulnerabilities and incidences between these two sectors.
That said, the 60 Minutes broadcast caps a year where increased public awareness has been coupled with a renewed sense of urgency around this topic in Washington, both on the part of Congress as well as the within the government agencies, including FERC, NERC, the DOE and the DHS.
With four competing bills on the subject, including proposed legislation by Senators John Rockefeller (D-WV) and Olympia Snowe (R-ME), the Critical Electric Infrastructure Protection Act, proposed by Sen. Joseph Lieberman (I-CT) and Rep. Bennie Thompson (D-MS), as well as the Bulk Power System Protection Act, proposed by Rep. Edward Markey (D-MA) and Rep. Henry Waxman (D-CA), never has the need for collaboration between the public and private sectors been more evident.
In short, the combined media and Congressional attention mentioned above has underscored the fact that the risks are real and the task to bolster the nation’s overall cyber-security is large. Ultimately, regardless of jurisdictional differences, public and private sector partnerships will emerge as the non-negotiable factor in achieving cyber-security success.
Brian Ahern is the president and chief executive officer of Industrial Defender. He can be reached at: [email protected].