Cybersecurity Pros to Trump: Critical Infrastructure Is Very Vulnerable to a Cyber-attack

Last week, President-elect Donald Trump received a comprehensive briefing on Russian hacking related to the 2016 Presidential election. In response, Trump released a statement that included the following:

"Whether it is our government, organizations, associations or business we need to aggressively combat and stop cyberattacks. I will appoint a team to give me a plan within 90 days of taking office.” 

These “teams” tend to be made up of a combination of Washington insiders with intelligence and/or military experience as well as an assortment of industry folks. For example, President Obama’s recent Commission on Enhancing National Cybersecurity included former NSA director Keith Alexander, former IBM CEO Sam Palmisano, etc.

Topics: Cybersecurity Critical Infrastructure POTUS

U.S. Critical Infrastructure under Cyber-Attack

ESG recently published a new research report titled, Cyber Supply Chain Security Revisited, focused on cyber supply chain security practices and challenges at U.S.-based critical infrastructure organizations.  The term “critical infrastructure” is associated with 16 industries designated by the U.S. Department of Homeland Security (DHS), “whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (source: DHS).

Some experts believe that a cyber-attack on one or several critical infrastructure organizations could result in a “Cyber Pearl Harbor,” disrupting society and the economy for weeks or months. This places critical infrastructure organizations firmly in the national security bucket.

Topics: Cybersecurity cyber supply chain security Critical Infrastructure

Valuable Federal Cybersecurity Training for Critical Infrastructure Organizations

Last week I wrote two blogs about cybersecurity, critical infrastructure organizations, and the US government. Now I'll discuss valuable federal cybersecurity training for critical infrastructure organizations.

Topics: Cybersecurity federal government Critical Infrastructure

Federal Cybersecurity Carrots and Sticks

In my last blog, I highlighted a recent ESG research survey of cybersecurity professionals working at critical infrastructure organizations. As a review:

Topics: federal government Critical Infrastructure Critical Infrastructure Protection threat intelligence sharing

Cybersecurity, Critical Infrastructure, and the Federal Government

The term “critical infrastructure” is used by governments around the world to describe industries and physical assets deemed essential to their economies and national security. Critical infrastructure industries include agriculture, electricity generation, financial services, health care, telecommunications, and government services like law enforcement and the water supply (i.e., drinking water, waste water, dams, etc.).

Topics: Cybersecurity US government NIST Critical Infrastructure Critical Infrastructure Protection

Should Congress Pass Cybersecurity legislation? Let Us Know What You Think!

In my most recent note-to-congress-pass-cybersecurity-legislation-now/index.html">blog, I got on my soapbox and stated my opinion that Congress should pass cybersecurity legislation to better protect U.S. Critical Infrastructure as soon as possible.

Topics: Cybersecurity Information and Risk Management Security and Privacy APT advanced persistent threat Critical Infrastructure

Note to Congress: Pass Cybersecurity Legislation Now

Earlier this week, the Senate Homeland Security and Government Affairs Committee (HSGAC) introduced a cybersecurity bill that would outline the Department of Homeland Security's responsibilities for overseeing cybersecurity at privately-owned critical infrastructure organizations.

Topics: Cybersecurity Information and Risk Management Security and Privacy advanced persistent threat senator joseph lieberman Critical Infrastructure Critical Infrastructure Protection