Federal agencies should help defend the networks that run critical infrastructure, a new comprehensive report on the government’s cybersecurity suggested.
The Cyberspace Solarium Commission’s final report, released March 11 by a group of experts from in and out of government, recommended Congress implement the concept of “systemically important critical infrastructure," a designation for entities that operate systems that, if disrupted, “could have cascading, destabilizing effects on U.S. national security, economic security, and public health and safety.”
The new label means the U.S. government would become more involved in the defense of critical infrastructure, especially those “directly threatened by nation-states” and other cyber criminals, according to the report. For example, the report calls for the intelligence community update its processes to collect and share more information with systemically important critical infrastructure operators.
According to the report, the government “can and should bring to bear its unique authorities, resources, and intelligence capabilities to support these entities in their defense.”
For operators of critical infrastructure, this is a departure from the past procedures.
In the past the framework “has been for the private sector to work under the umbrella of [the Department of] Homeland Security essentially to prepare for and then respond to these threats and attacks,” said Tom Fanning, CEO of Southern Company, on webinar hosted by the U.S. Chamber of Commerce. “What has been missing in the middle ... is the idea of aligning with the folks that can hold the bad guys accountable: Cyber Command, broadly, DoD, FBI, Secret Service and others.”
In recent years critical infrastructure operators have joined collaborated on defense, in part Fanning said because the operators are dependent on each other. For example, the electricity sector needs telecom and the financial sector needs electricity for e-commerce.
Critical infrastructure officials also started working closer with the federal government in recent years through programs like the Energy Sector Pathfinder Initiative run by the Departments of Energy, Homeland Security and Defense.
“The battle is being fought in a cyber sense on our telecommunications networks, on our electrical grid, on our financial system and elsewhere in our national infrastructure,” Fanning said. “So we must participate in this joined effort.”
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.