Securing Critical Infrastructure at a Snail's Pace

Friday, February 11, 2011



A report by the Center for Strategic and International Studies (CSIS) is highly critical of the slow pace of progress at which the government is securing critical infrastructure.

A previous report by the CSIS in 2008 had generated a great deal of rhetoric, giving the impression that cyber security initiatives would be a top priority in the Obama administration.

Unfortunately, issues like a national healthcare plan, the stagnated economy, and the nation's continued engagement in conflicts in the Middle East have meant most of the initiatives outlined in the past have yet to materialize.

Recent events such as the "Night Dragon" attacks, operation Aurora, and the emergence of the Stuxnet Virus provide substantial impetus for the government to redouble efforts to secure critical infrastructure systems.

According to an article in ThreatPost, the latest CSIS report specifies ten crucial security improvements that need to be addressed:

  • Coherent organization and leadership for federal efforts for cybersecurity and recognition of cybersecurity as a national priority
  • Clear authority to mandate better cybersecurity in critical infrastructure and develop new ways to work with the private sector
  • A foreign policy that uses all tools of U.S. power to create norms, new approaches to governance, and consequences for malicious actions in cyberspace. The new policy should lay out a vision for the future of the global Internet
  • An expanded ability to use intelligence and military capabilities for defense against advanced foreign threats
  • Strengthened oversight for privacy and civil liberties, with clear rules and processes adapted to digital technologies
  • Improve authentication of identity for critical infrastructure
  • Build an expanded workforce with adequate cybersecurity skill
  • Change federal acquisition policy to drive the market toward more secure products and Services
  • A revised policy and legal framework to guide government cybersecurity action
  • Research and development (R&D) focused on the hard problems of cybersecurity and a process to identify these problems and allocate funding in a coordinated manner

The CSIS report closes with strong language that emphasizes the need for action now, not in the aftermath of a devastating event:

"Where does this leave the nation as we start a new year? There are two possible outcomes in cybersecurity for the United States. We can continue to pursue outdated strategies and spend our time describing the problem until there is some crisis. Then it is likely that the United States will act, in haste, possibly with unfortunate consequences. Alternatively, we can take action on measurably effective policies. Our opponents still have the advantage, but we can change this."

Possibly Related Articles:
SCADA Government Cyber Security Headlines report Infrastructure Systems CSIS
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.