Federal government must increase focus on critical infrastructure cybersecurity
When the topic of cybersecurity arises in the context of the federal government, the primary focus is typically the need to better protect agencies' networks and digital assets. Undoubtedly, this is a critical consideration, one which has gained even greater prominence in recent months thanks to a number of high-profile federal data breaches at the State Department, White House and elsewhere.
However, governmental cybersecurity efforts are not limited to federal agencies – the government must also protect the nation's critical infrastructure. In this area, departments are making significant progress, but there remains room for a great deal of improvement.
A major source of concern in the federal government's current approach toward critical infrastructure cybersecurity is the increasing danger that critical infrastructure organizations now face. A recent ESG survey of more than 300 security professionals working at critical infrastructure firms found that two-thirds of respondents believe the threat landscape is worse today than it was two years ago, Network World reported. Obviously, this state of affairs is alarming, as a security breach at any of these organizations could potentially prove devastating for the country as a whole.
Just as importantly, the study revealed that a significant portion of these critical infrastructure security personnel feel they lack a firm understanding of how the federal government is approaching cybersecurity in this area. A full quarter of respondents said they believe "the U.S. government's cybersecurity strategy is somewhat unclear and not very thorough," according to the source. An additional 5 percent described the government's cybersecurity approach to critical infrastructure as "extremely unclear and not at all thorough." Only 22 percent of respondents said that the government's strategy is "extremely clear and thorough."
Writing for Network World, ESG's Jon Oltsik pointed out that these numbers are actually more problematic than they initially appear.
"[I]n spite of over 20 years of cybersecurity dialogue and spending in Washington, most cybersecurity professionals working at critical infrastructure organizations remain uncertain about the U.S. government's role or its plans for this domain," Oltsik wrote. "Clearly, the feds must elucidate the government's mission, programs, and objectives in a much more direct and lucid fashion moving forward."
Fortunately, there are signs suggesting that the federal government is making progress in this area, albeit to a limited degree.
Perhaps most notably, President Obama recently signed an executive order at a Silicon Valley cybersecurity summit. As Government Technology reported, this order focused on the issue of information sharing between the private and public sectors, and it specifically emphasized the "owners and operators of critical infrastructure." To this end, Obama encouraged the creation of Information Sharing and Analysis Organizations (ISAOs) to help critical infrastructure organizations and government agencies share insight and warnings concerning cyberthreats more easily, quickly and effectively.
At the same time, the news source noted that the federal government recently launched the Cyber Threat Intelligence Integration Center. As with the ISAO initiative, this center's goal is to improve information sharing within and between the public and private sectors. Such an effort could help to alleviate the critical infrastructure concerns highlighted by the ESG survey.
However, these measures are not sufficient in and of themselves to solve the problems the nation's critical infrastructure faces. Ultimately, such efforts need to start with focused, comprehensive cybersecurity policies within federal agencies themselves. Only once a strong, effective strategy is in place can the government clearly lead and protect critical infrastructure organizations. With this in mind, federal agencies that engage with critical infrastructure in any capacity should consider seeking out additional assistance to truly optimize their data protection capabilities.