Companies and governments today face more threats than ever before, and one of the biggest concerns is cyber-attacks. An entity can be brought to its knees overnight if its critical infrastructure suffers a breach, and it can then take years to recover. Former Secretary of the Department of Homeland Security Michael Chertoff and former Secretary of Defense William Perry recently stated that “Present cyber security risk is shocking and unacceptable. Control system vulnerabilities threaten power plants and the critical infrastructure they support, from dams to hospitals… [and the] threat is only going to get worse. Inaction is not an acceptable option.”
The FBI also believes that the No. 1 threat it is facing is foreign hacking that steals intellectual property and data from American firms. One only has to read recent headlines to quickly grasp how common data breaches are in the commercial sector every month.
One of the current roadblocks facing cybersecurity is that cyber legislation is at a crossroads. Some government leaders do not want to impose any new burdens on the commercial entities that own or run our critical infrastructure, from utilities, the energy grid and emergency services to government contractor systems, telecommunications and shipping industries. Others think this approach is too risky and support a broader risk management program that analyzes threats, shares information with intelligence sources and drives action to mitigate those risks.
At Coalfire, via our work with the Department of Homeland Security and other agencies, we are active participants in discussions about the need for cyber legislation and its role in protecting critical infrastructure from attack. Coalfire is an Executive Member of Silicon Flatirons, an interdisciplinary research center at the University of Colorado Law School. The purpose of Silicon Flatirons is to “elevate the debate” surrounding technology policy issues such as cybersecurity. Earlier this year, we participated in a roundtable on cybersecurity and played a key role in developing a report titled “Cybersecurity: Towards A Strategy for Securing Critical Infrastructure from Cyberattacks” that is now available to the general public.
What’s in this report? It’s an unbiased look at the need for cyber legislation that frames the issues clearly and maps out a logical path forward. What can you do to help? Read the report and familiarize yourself with the cybersecurity issues facing critical infrastructure today, which may include an industry you work in. Share this paper with your legislative contacts and provide it to other organizations that can influence legislation or at the very least raise awareness of the situation and foster discussion around this important issue.
Snapshot conclusions from the report:
• IT professionals are instrumental to long-term security. Educational programs must be incentivized and developed through more federal funding.
• A national cybersecurity policy is an important way to align public and private goals.
• Increasing the baseline of security is paramount. Economic incentives could include limitations on liability, mandatory disclosure requirements, robust insurance markets, direct incentives and government procurement.
We encourage everyone to get involved as we all have the same goal—to protect critical infrastructure from an attack. Let’s work together to make it possible for the private sector and the government to cooperate and make cyberspace more secure.