McLEAN, VA (October 4, 2017) – Public-private partnerships and information sharing arrangements are essential to making critical infrastructure more resilient against cyber attacks, according to a panel of experts INSA convened today at the MITRE Corporation. INSA’s Domestic Security Council and Cyber Council co-hosted the discussion.
“Cyber, I think, is by far the most worrisome threat that we face from the perspective of the energy sector,” Devon Streit, a deputy assistant secretary from the U.S. Department of Energy, told the audience of 125 INSA members and guests. Streit encouraged the audience to think about how industry and government can work through the liability, legal and privacy issues that often impede sharing information on cyber threats more quickly.
“It is not a simple challenge, but certainly in light of the potential consequences … it can’t be business as usual, both from the federal standpoint, from the state and local standpoint, and also from the industry side,” she said.
Isaac Janak from the State of Virginia’s Homeland Security office agreed.
“I think we need to do a better job of improving trust amongst our partners,” Janak said. “We do have existing relationships with [U.S. Department of] Homeland Security, FBI, private sector, but I think there is always room for improvement to better share that information and ensure we are not going to use that information to slap [private sector operators of critical infrastructure] on the wrist.”
As emerging technologies influence how critical infrastructure sectors operate, public-private partnerships will play an important role, said William Anderson, who at the Transportation Research Board helps states learn how to implement best practices from across the country. He cited the efforts underway by government, industry, and nonprofit agencies to develop a center of excellence for automated and interconnected vehicles, where cybersecurity threats and risks could be explored within a trusted network.
“As long as we can move in that direction, then we’ll be able to get down to a place where this security element can be added into the technology development much more quickly,” Anderson said.
Panelists also discussed the importance of training and education. Cal Bowman, deputy director of homeland security for the State of Maryland, recommended joint exercises between the public and private sectors to identify cyber vulnerabilities that could be exploited in standalone attacks and in times of emergencies, like natural disasters.
VIDEO: Cyber Threats to Critical Infrastructure
- William Anderson, Senior Program Officer, Transportation Research Board, The National Academies of Sciences, Engineering, and Medicine
- Cal Bowman, Deputy Director of Homeland Security, State of Maryland
- Isaac Janak, Cyber Security Program Manager, Office of Public Safety and Homeland Security, Commonwealth of Virginia
- Devon Streit, Deputy Assistant Secretary for Infrastructure Security and Energy Restoration, U.S. Department of Energy
- Sam Visner, Senior Vice President for Cybersecurity and Resilience, ICF International (moderator)
Cyber, I think, is by far the most worrisome threat that we face from the perspective of the energy sector
“I would say that any sort of exercise—whether it’s regional, a state, local—should have some kind of cyber element embedded into it, and I don’t think we see that enough,” Bowman said. Research and development priorities, approaches to mitigation and recovery, and the 2016 Ransomware attack on the Dallas Area Rapid Transportation (DART) system were among the issues raised during the 90-minute discussion. “We are slowly being drained by these attacks—many times not reported—to the point our infrastructure can no longer support the burden of those costs,” Bowman said.