Author: Turner King-Shipman
Attacks on our nation’s critical infrastructure are happening day in and day out, with our current cybersecurity guidelines being based on voluntary reporting (if you follow the guidelines!). This has proven to be insufficient protection from the sophisticated criminal and nation-state actors targeting these essential sectors. Even major events like the Colonial Pipeline hack barely scratch the surface of the potential fallout of a broader cyberattack.
With the frequency of attacks showing no signs of slowing, the Biden administration is poised to take dramatic action to combat these brazen incidents. Specifically, the administration is about to approve its “National Cybersecurity Strategy” which is radically different from previous plans in two major ways:
Concerns about cyber threats to our critical infrastructure and a recent article from Slate on the upcoming “National Cybersecurity Strategy” were the central focus in the most recent chat between Samara Schulman, President of OnPoint Consulting, and Pete Tseronis, Founder and CEO of Dots and Bridges.
OnPoint’s Key Points
To start, Samara was quick to acknowledge how noteworthy the aggressive nature of this plan is, as the U.S. government directly states that they will be working to “disrupt and dismantle hostile networks through a persistent, continuous campaign. While specifics of the plan are not available, the offensive cyber campaign will be coordinated across all relevant U.S. agencies by the FBI’s National Cyber Investigative Joint Task Force.
Both Samara and Pete see that there is a strong bipartisan consensus surrounding efforts related to cyber security and the protection of critical infrastructure. With legislation like the Infrastructure Investment and Jobs Act being indicative of this interest in our nation’s critical infrastructure across the aisle.
Samara stated that she “hopes that this stays a bipartisan issue… we’re going to see a lot regarding privacy issues… as one of the most important things about being an American is keeping our privacy.”
The discussion touched on how the definition of critical infrastructure is not widely known, which leads to difficulties in communicating the severity of cyber threats faced today and the potentially catastrophic results of attacks on these sectors. To that end, they provided the following breakdown to define to what “critical infrastructure” refers, and why the new cybersecurity strategy is centered around it’s protection:
Another key component of the strategy highlighted by Samara was the pivot away from voluntary programs which ask the industrial base to report cyber incidents towards mandatory cybersecurity regulations. This is because there is a recognition from Washington that these programs remain woefully underutilized, a point Samara and Pete touched on in their previous conversation regarding Open Government and a collaborative approach to cybersecurity.
Since the “National Cybersecurity Strategy” is still unreleased, many elements of the plan are still unknown to the public. Samara and Pete took this opportunity to raise some of the following questions and topics they will be paying close attention to going forward:
The unprecedented assertiveness of the new strategy shows that the government is waking up to the threats to our national security posed by cyber-attacks, with the Samara also recognizing that this plan should be a wake-up call to the broader public. She stated:
“We as American citizens need to collaborate with government and vice-versa,” as the plan is trying to convey “how important this [cybersecurity] is to our everyday lives and how serious a matter this is.”
These attacks on our critical infrastructure are being attempted day-in and day-out. Even as she was preparing for this very conversation, Samara saw breaking news that two extremists were charged with plotting to take out Baltimore’s power grid in an attempt to cripple the city. Attacks are happening in real-time, and we can no longer afford to simply wait on the defensive.