Cybersecurity Experts Discuss Plans for Protecting Critical Infrastructure

June 5, 2023 by Kate Michael
Cybersecurity Experts Discuss Plans for Protecting Critical Infrastructure

WASHINGTON — When an oil and gas pipeline was disrupted by a ransomware attack just two years ago, other vital industries took notice. Now, the administration is seeking to secure the nation’s infrastructure from cyberthreats through mandatory minimum standards.

“The Colonial Pipeline hack was a transformative moment for cybersecurity in the United States,” Anne Neuberger, deputy assistant to the president and deputy national security advisor for Cyber and Emerging Technology, recently explained to the Center for Strategic and International Studies. 

This is, in particular, she said, because it forced a recognition that “in almost all cases of critical infrastructure we didn’t have minimum required cybersecurity practices for owners and operators of critical infrastructure.”

The nuclear industry, defense industrial base and some parts of the chemical sector had some protections, but other sectors only had emergency authorities in place, or unused authorities that the executive branch felt could be fashioned to implement minimum standards or develop new mandates. 

“How common is a ransomware attack in the pipeline sector? We didn’t know because there was no reporting requirement,” David Pekoske, Transportation Security Administration administrator, said. 

“Within a year’s time we did a complete pivot and came up with a performance-based regulation,” he said. 

Reporting requirements were put in place for certain high-risk companies, with baseline standards created to which any company delivering truly essential services to people must adhere.

And the information from these reports is stored in one place and shared with other agencies that have an interest through the Cybersecurity and Infrastructure Security Agency. 

“[This has] proven its worth,” Pekoske said, because “everybody gets the same report and there’s no confusion … and companies get a cyber point of contact.”

“When we know there is a threat to a sector, now there is a common visibility,” he said.

To further drive minimum resilience requirements for those services we all rely on, like transportation and energy services, Pekoske explained that vulnerability assessments and a cybersecurity response plan are necessary. Key outcomes of such plans would include network segmentation, accessing control of critical cybersystems, providing for continuous detection and monitoring, and developing a plan for patching systems.

“It’s one thing to have a plan, it’s a whole different thing to be able to execute off the framework of that plan,” Pekoske said. “And it’s one thing to be able to prevent, and another thing to build in the resiliency so that even if attacked you can be as resilient as possible to be able to respond.

“We all know that when you have a plan, it’s unlikely that your plan has the exact scenario that you’re going to face, but it does give you a framework and a way to think about it,” he said.

Not all industries will — or should — have enforced cybersecurity regulations according to Rob Silvers, under secretary of Homeland Security for Strategy, Policy, and Plans. But the administration is looking to set common frameworks from which regulations can spring, like CISA’s performance goals, while taking steps to ensure that only those entities that need to be regulated are regulated and requirements are minimized and flexible. 

“Our work to protect the American people is a mix of voluntary programs and mandatory programs with companies,” Silvers said. “The majority is voluntary — and growing in sophistication — but we’ve put a lot of focus on ensuring that in cases where a regulatory approach is required, we’re doing it in a surgical, tailored, risk-based and thoughtful way.”

“We’ve made a tremendous amount of progress in a very short amount of time,” Pekoske said. “As a result, we have, as a government, much more awareness of where the threat is and how it’s developing, separate from the intel that we might be receiving.” 

You can reach us at [email protected] and follow us on Facebook and Twitter

A+
a-
  • Center for Strategic and International Studies
  • critical infrastructure
  • Think Tanks
  • In The News

    Health

    Voting

    Think Tanks

    April 29, 2024
    by Kate Michael
    Debate Continues After Congress Passes TikTok Divest-or-Ban Bill

    WASHINGTON — The U.S. Congress recently passed a bipartisan bill, The Protecting Americans from Foreign Adversary Controlled Applications Act, that... Read More

    WASHINGTON — The U.S. Congress recently passed a bipartisan bill, The Protecting Americans from Foreign Adversary Controlled Applications Act, that would force ByteDance, Ltd., owners of TikTok, to sell the social media platform within a year or face the consequences of a ban.  Claiming this is... Read More

    April 16, 2024
    by Dan McCue
    Nikki Haley Joining Washington Think Tank

    WASHINGTON — Former South Carolina governor and 2024 Republican presidential candidate Nikki Haley is joining a conservative think tank in... Read More

    WASHINGTON — Former South Carolina governor and 2024 Republican presidential candidate Nikki Haley is joining a conservative think tank in Washington, a position likely to further boost her national profile should she decide to run again for president in the future. She is joining the Hudson... Read More

    April 10, 2024
    by Kate Michael
    Social Media: Shaping or Shattering Modern Society?

    WASHINGTON — Many studies have been done on the detrimental effects of technology on American life, with social media in... Read More

    WASHINGTON — Many studies have been done on the detrimental effects of technology on American life, with social media in particular being named a major cause of psychological distress. One social researcher says there’s a reason the youngest generation is getting hit harder by the ills... Read More

    April 1, 2024
    by Kate Michael
    AEI Holds Discussion on How Current Trends May Be Reshaping Media

    WASHINGTON — As NBC News was dealing with the aftermath of hiring and then firing former Republican National Committee Chairwoman... Read More

    WASHINGTON — As NBC News was dealing with the aftermath of hiring and then firing former Republican National Committee Chairwoman Ronna McDaniel, prominent figures in journalism and academia spoke on what they see as concerning trends reshaping the media landscape and its impact on democratic values.... Read More

    March 21, 2024
    by Kate Michael
    Rep. Ro Khanna Talks of Need to Future Proof the Economy

    WASHINGTON, D.C. — There was as much discussion on inclusive economic policies as on Democratic campaign strategy when Rep. Ro... Read More

    WASHINGTON, D.C. — There was as much discussion on inclusive economic policies as on Democratic campaign strategy when Rep. Ro Khanna, D-Calif., spoke at the D.C.-based think tank, Center for American Progress, on Wednesday.  Talking strategies for fortifying the economy against future challenges, Khanna laid out... Read More

    February 20, 2024
    by Kate Michael
    Brazilian Diplomat Talks Relationship With US in Advance of Blinken’s Visit to Rio

    WASHINGTON, D.C. — Secretary of State Antony Blinken travels to Rio de Janeiro this week, marking his first visit to... Read More

    WASHINGTON, D.C. — Secretary of State Antony Blinken travels to Rio de Janeiro this week, marking his first visit to Brazil after four years as the top U.S. diplomat. Many believe the visit, scheduled to coincide with the G20 foreign ministers’ summit, is overdue as the... Read More

    News From The Well
    scroll top