Cybersecurity Experts Discuss Plans for Protecting Critical Infrastructure

June 5, 2023 by Kate Michael
Cybersecurity Experts Discuss Plans for Protecting Critical Infrastructure

WASHINGTON — When an oil and gas pipeline was disrupted by a ransomware attack just two years ago, other vital industries took notice. Now, the administration is seeking to secure the nation’s infrastructure from cyberthreats through mandatory minimum standards.

“The Colonial Pipeline hack was a transformative moment for cybersecurity in the United States,” Anne Neuberger, deputy assistant to the president and deputy national security advisor for Cyber and Emerging Technology, recently explained to the Center for Strategic and International Studies. 

This is, in particular, she said, because it forced a recognition that “in almost all cases of critical infrastructure we didn’t have minimum required cybersecurity practices for owners and operators of critical infrastructure.”

The nuclear industry, defense industrial base and some parts of the chemical sector had some protections, but other sectors only had emergency authorities in place, or unused authorities that the executive branch felt could be fashioned to implement minimum standards or develop new mandates. 

“How common is a ransomware attack in the pipeline sector? We didn’t know because there was no reporting requirement,” David Pekoske, Transportation Security Administration administrator, said. 

“Within a year’s time we did a complete pivot and came up with a performance-based regulation,” he said. 

Reporting requirements were put in place for certain high-risk companies, with baseline standards created to which any company delivering truly essential services to people must adhere.

And the information from these reports is stored in one place and shared with other agencies that have an interest through the Cybersecurity and Infrastructure Security Agency. 

“[This has] proven its worth,” Pekoske said, because “everybody gets the same report and there’s no confusion … and companies get a cyber point of contact.”

“When we know there is a threat to a sector, now there is a common visibility,” he said.

To further drive minimum resilience requirements for those services we all rely on, like transportation and energy services, Pekoske explained that vulnerability assessments and a cybersecurity response plan are necessary. Key outcomes of such plans would include network segmentation, accessing control of critical cybersystems, providing for continuous detection and monitoring, and developing a plan for patching systems.

“It’s one thing to have a plan, it’s a whole different thing to be able to execute off the framework of that plan,” Pekoske said. “And it’s one thing to be able to prevent, and another thing to build in the resiliency so that even if attacked you can be as resilient as possible to be able to respond.

“We all know that when you have a plan, it’s unlikely that your plan has the exact scenario that you’re going to face, but it does give you a framework and a way to think about it,” he said.

Not all industries will — or should — have enforced cybersecurity regulations according to Rob Silvers, under secretary of Homeland Security for Strategy, Policy, and Plans. But the administration is looking to set common frameworks from which regulations can spring, like CISA’s performance goals, while taking steps to ensure that only those entities that need to be regulated are regulated and requirements are minimized and flexible. 

“Our work to protect the American people is a mix of voluntary programs and mandatory programs with companies,” Silvers said. “The majority is voluntary — and growing in sophistication — but we’ve put a lot of focus on ensuring that in cases where a regulatory approach is required, we’re doing it in a surgical, tailored, risk-based and thoughtful way.”

“We’ve made a tremendous amount of progress in a very short amount of time,” Pekoske said. “As a result, we have, as a government, much more awareness of where the threat is and how it’s developing, separate from the intel that we might be receiving.” 

You can reach us at [email protected] and follow us on Facebook and Twitter

A+
a-
  • Center for Strategic and International Studies
  • critical infrastructure
  • Think Tanks
  • In The News

    Health

    Voting

    Think Tanks

    March 21, 2024
    by Kate Michael
    Rep. Ro Khanna Talks of Need to Future Proof the Economy

    WASHINGTON, D.C. — There was as much discussion on inclusive economic policies as on Democratic campaign strategy when Rep. Ro... Read More

    WASHINGTON, D.C. — There was as much discussion on inclusive economic policies as on Democratic campaign strategy when Rep. Ro Khanna, D-Calif., spoke at the D.C.-based think tank, Center for American Progress, on Wednesday.  Talking strategies for fortifying the economy against future challenges, Khanna laid out... Read More

    February 20, 2024
    by Kate Michael
    Brazilian Diplomat Talks Relationship With US in Advance of Blinken’s Visit to Rio

    WASHINGTON, D.C. — Secretary of State Antony Blinken travels to Rio de Janeiro this week, marking his first visit to... Read More

    WASHINGTON, D.C. — Secretary of State Antony Blinken travels to Rio de Janeiro this week, marking his first visit to Brazil after four years as the top U.S. diplomat. Many believe the visit, scheduled to coincide with the G20 foreign ministers’ summit, is overdue as the... Read More

    January 29, 2024
    by Kate Michael
    Former House Speaker Ryan Calls EITC ‘Best Tool in the Arsenal’ for Economic Mobility

    WASHINGTON, D.C. — As Congress grapples with the challenges of government spending levels and bipartisan tax deals, one policy that... Read More

    WASHINGTON, D.C. — As Congress grapples with the challenges of government spending levels and bipartisan tax deals, one policy that has consistently been at the center of discussions for promoting America’s 21st-century economy is the Earned Income Tax Credit. According to Paul Ryan, former speaker of... Read More

    December 20, 2023
    by Kate Michael
    Ambassador Burns Hopeful About Future US-China Relations

    WASHINGTON — Last month, President Biden met with China’s President Xi Jinping at the Asia-Pacific Economic Cooperation summit in California.... Read More

    WASHINGTON — Last month, President Biden met with China’s President Xi Jinping at the Asia-Pacific Economic Cooperation summit in California. This was the leaders’ first meeting in a year, and while it didn’t yield any major breakthroughs, after years of deteriorating relations, there was an effort... Read More

    October 22, 2023
    by Kate Michael
    EEOC Chair Calls AI ‘New Civil Rights Frontier’

    WASHINGTON — Companies thinking about using AI to take advantage of efficiencies in the hiring process were put on notice... Read More

    WASHINGTON — Companies thinking about using AI to take advantage of efficiencies in the hiring process were put on notice earlier this year when the U.S. Equal Employment Opportunity Commission settled its first-ever AI discrimination-in-hiring lawsuit, reaching an agreement with a company that may have used... Read More

    October 11, 2023
    by Kate Michael
    Trade Rep. Tai Outlines Biden's Worker-Centered Trade Policies 

    WASHINGTON — The United States is at a crossroads in its trade agenda, with pivotal negotiations and policy shifts on... Read More

    WASHINGTON — The United States is at a crossroads in its trade agenda, with pivotal negotiations and policy shifts on the horizon. Two notable initiatives, the Indo-Pacific Economic Framework for Prosperity and the Global Arrangement for Sustainable Steel and Aluminum, are set to redefine how the... Read More

    News From The Well
    scroll top