Critical Infrastructure Cybersecurity – Center Stage A Decade After The 9/11 Commission Report

by Charles Brooks, Featured Contributor

At the recent 2014 Aspen Ideas Festival, former 9/11 Commission Chairman and Governor of New Jersey, Tom Kean, noted that cybersecurity has exponentially grown as a threat since the original 9/11 Commission Report was issued.

The Governor is right: much has changed in the last decade. While dire terrorism threats remain, cyberterrorism and cybercrime have risen to become persistent, sophisticated, and dangerous threats to security and commerce.

The new reality is that almost all of our critical infrastructures operate in a digital environment, including the health care, transportation, communications, financial, and energy industries. While the information technology landscape has greatly evolved, so have the vulnerabilities. Ten years after 9/11 we are all reliant on the Internet’s connectivity for vital human services in almost every aspect of our daily lives.

In addition to its primary role in combating terrorism, the Department of Homeland Security (DHS) has assumed the lead civilian agency role in government for addressing cybersecurity. The agency’s role has evolved in correlation with the growing and complex threat, especially to the critical infrastructure.

Developments in the last few years have shaped DHS’s policy role. In July of 2010, the Office of Management and Budget (OMB) assigned DHS the primary responsibilities of overseeing the federal-wide information security program and evaluating its compliance with the Federal Information Security Management Act (FISMA) of 2002. As a result, DHS became responsible for overseeing the protection of the .gov domain and also for detecting and responding to malicious activities and potential threats. DHS was also charged with annually reviewing the cybersecurity programs of all federal departments and agencies.

In October of 2012, President Obama issued an Executive Order further delineating DHS’s increased cybersecurity role toward developing standards and enhancing information sharing with critical infrastructure owners and operators. The Executive Order was aimed at identifying vulnerabilities, ensuring security, and integrating resilience in the public/private cyber ecosystem and had three areas of major focus: 1) Increase information sharing with the private sector, including classified cyber threat data; 2) Create a voluntary framework based on industry best practices to improve the cybersecurity of critical infrastructure providers; and 3) Protect privacy and civil liberties throughout the information sharing and the framework. DHS created eight working groups to implement the Executive Order.

Since most of the critical infrastructure in the US is owned and operated by the private sector, DHS recognized the importance of private sector input into cybersecurity strategies and requirements across industry verticals. The Council on Cybersecurity has played a key role in facilitating this dialogue.

Last year, The Council on CyberSecurity formed a list of 20 Critical Security Controls through collaboration between the public and private sectors, providing an emerging framework toward protecting the critical infrastructure. The list is a recommended set of actions for cyber defense that provides specific and actionable ways to stop today’s most pervasive attacks. The Controls were developed and are maintained by a consortium of hundreds of security experts from across the public and private sectors. An underlying theme of the Controls is support for large-scale, standards-based security automation for the management of cyber defenses.

Governor Kean and members of the 9/11 Commission also recognized that DHS and the public need to be proactive rather than reactive to cyber-attacks against sensitive networks. The public and executive management in industry need to be educated on the threats and share information and protocols with the government to mitigate cyber threats to critical infrastructure. The Council on CyberSecurity’s important work in the cyber domain, and especially on Critical Security Controls, can be a guiding path to making the homeland more secure and resilient against the growing cybersecurity threat in the next decade.

About the Author: Charles (Chuck) Brooks serves as Vice President/Client Executive for DHS at Xerox. Chuck is also a member of The Council on CyberSecurity’s Expert Security Controls Panel. He served in government at the Department of Homeland Security as the first Director of Legislative Affairs for the Science & Technology Directorate. Chuck also spent six years on Capitol Hill as a Senior Advisor to the late Senator Arlen Specter and was Adjunct Faculty Member at Johns Hopkins University where he taught homeland security and Congress. Chuck has an MA in International relations from the University of Chicago, and a BA in Political Science from DePauw University. Chuck is widely published on the subjects of innovation, public/private partnerships, emerging technologies, and issues of cybersecurity.  

Editor’s Note: This article originally appeared on Council On Cybersecurity and is featured here with permission from the author.

Chuck Brooks
Chuck Brooks is a globally recognized thought leader and evangelist for Cybersecurity and Emerging Technologies. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn”. He was named by Thomson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer” in 2018. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, and a Contributor to FORBES. In government, Chuck has received two senior Presidential appointments. Under President George W. Bush, Chuck was appointed to the Department of Homeland Security (DHS) as the first Legislative Director of the Science & Technology Directorate. He also was appointed as Special Assistant to the Director of Voice of America under President Reagan. He served as a top Advisor to the late Senator Arlen Specter on Capitol Hill, covering security and technology issues. In local government, he also worked as an Auxiliary Police officer for Arlington, Virginia. In industry, Chuck has served in senior executive roles for General Dynamics as the Principal Market Growth Strategist for Cyber Systems, at Xerox as Vice President & Client Executive for Homeland Security, for Rapiscan as Vice President of R & D, for SRA as Vice President of Government Relations, and for Sutherland as Vice President of Marketing and Government Relations. In academia, Chuck is Adjunct Faculty at Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs, where he teaches courses on risk management, homeland security, and cybersecurity. He was an Adjunct Faculty Member at Johns Hopkins University, where he taught a graduate course on homeland security for two years.
He has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.



