Quick Study

By Brian Robinson


Teetering on the brink of critical infrastructure protection

Are the ducks finally lining up on cybersecurity? The recent memorandum of agreement between the departments of Defense and Homeland Security, who for years have been butting heads on cybersecurity responsibilities, is one positive sign.

If we depart from the cynical view, which would have this as nothing more than window dressing for the public and Congress, then we can expect better coordination and information sharing between the two departments going forward. Hopefully, that ultimately means a much better approach to protecting critical infrastructures.

And none too soon. The Stuxnet worm that reportedly devastated Iran’s energy infrastructure is being seen as the most visible evidence of a trend toward more “professional” coding of malware aimed at countries’ infrastructures. Some are calling it the blueprint for a new generation of cyberweapons that will be used in a rapidly developing Cyber War.

A DOD official was quoted as saying the agreement with DHS was needed because the United States doesn’t have either the time or the money to develop cyberdefenses twice over. DHS Secretary Napolitano and DOD Secretary Gates called it the beginning of a new framework for coordination and joint program planning between the departments.

If this all works out as planned, then it will be quite a few steps on from where the public perception is right now, with a large majority in a recent Narus poll saying government is wildly unprepared to defend against cyberattacks. Industry didn’t fare much better.

How much does this positive outweigh the negatives? Good question. Symantec’s 2010 Critical Information Infrastructure Protection survey reported that more than half of America’s infrastructure providers have experienced politically-motivated cyberattacks. Those were presumably made by the kinds of people who launched Stuxnet, not the relatively unsophisticated hacker stuff that predominated in years past. And it’s likely to only get worse.

Outside of the feds and industry, state and local governments also have a big responsibility for critical infrastructure, of course, and they are getting hammered by the recession. A new study found that nearly four-fifths of state chief information security officers reported stagnant or slashed budgets that pose “a serious problem that stifles their ability to adequately handle growing internal and external threats.”

So which is it? Are we marching forward, falling back, or staggering to a standstill?

Posted on Oct 14, 2010 at 9:03 AM


Reader Comments

Thu, Nov 18, 2010 Patricia Titus, CISCO, Unisys

The joint agreement between the Department of Homeland Security (DHS) and the Department of Defense (DoD) is yet another example of the continued cultural changes that are happening throughout the public and private sectors. Acknowledging that cyber attacks are growing and recognizing there are dwindling budgets and resources to address the problem requires us to pull together in a way we haven’t been able to in the past. I see this as a positive move. As a former chief information security officer at the Transportation Security Administration, I’ve been concerned about where DHS would find qualified resources. In this climate, pooling talent with DoD makes economic sense. This agreement also illustrates that one single department alone cannot address the magnitude of these attacks. The Einstein network intrusion detection program is a good example of this. The National Security Agency and DHS pooled together to assure that tax dollars are being used optimally to create the most sophisticated solution possible. Einstein, a system for monitoring network traffic, was originally the brainchild of the US-CERT within DHS. The project has been subject to budget difficulties, but I am hopeful the program will fulfill its potential to provide a new and expanded cyber defense capability. With this new agreement in place, there may also be an opportunity for the private sector to take part in this initiative. Currently, DHS works in partnership with the private sector through the Information Technology Sector Coordinating Council. I anticipate we may now see DoD joining our meetings.

Thu, Nov 18, 2010 Dr. Rocky Termanini USA

I get sick in my stomach every time I see FCW talk about the same nonsense. FCW’s purpose in life is to get readers excited about any kind of brouhaha that talks about securing the infrastructures of the country… lots of foreplay and no action. When we tried to submit a scientific paper to address the core of this problem, FCW stalled and did not have the brain to digest it. We’re going to hear over and over the same prayer… DOD and DHS are planning to get in bed to tackle the Stuxnet disease. So what is the next step… more elusive solicitation gibberish with poor funding and ruthless deadlines.
