Trump pressed to secure US critical infrastructure

Trump pressed to secure US critical infrastructure

The Trump administration is coming under pressure to safeguard the nation’s critical infrastructure as experts warn of vulnerabilities in the electrical grid and lawmakers fret about potential cyberattacks.

The issue has attracted the attention of policy experts at the Massachusetts Institute of Technology (MIT) who are out with a new report Tuesday exploring how to reduce cyber threats to the electrical grid, oil pipelines and other critical infrastructure.

The experts, led by a former senior National Security Agency (NSA) official, are seeking to nudge the new administration on implementing policy to secure critical sectors from cyber threats.

ADVERTISEMENT
“This is really a strategic problem for the country,” Joel Brenner, who served as the NSA’s inspector general and the head of U.S. counterintelligence in the Office of the Director of National Intelligence, told The Hill.

Concerns about threats to critical infrastructure have risen in the wake of the successful December hack of Ukraine’s power grid, which Kiev has pinned on Russian hackers.

Moscow’s election-related hacks have added a new layer, spurring former President Obama to designate American election infrastructure as critical before leaving office.

An estimated 85 percent of critical infrastructure is privately owned and operated.

The Department of Homeland Security (DHS) works with businesses and local governments to bring cyber protections to entities across more than a dozen critical infrastructure sectors, and legislation passed by Congress in 2015 encouraged the department to exchange what are called “critical threat indicators” with private organizations more quickly.

However, lawmakers like Rep. John Ratcliffe (R-Texas) say the department needs to do more to ensure cybersecurity of critical infrastructure in the face of increasing threats.

“The threat to our nation’s critical infrastructure is constantly compounding as bad actors continue taking advantage of more advanced [tactics] and utilizing higher-quality information,” Ratcliffe, who chairs the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, told The Hill. “I’m glad our cybersecurity legislation that was signed into law in 2015 has amplified DHS’s ability to combat this growing threat.”

“In analyzing the implementation of this law, we’ve seen how important it is to adequately harness the potential to be gained from strengthening our partnership with the private sector,” Ratcliffe said. “It’s my hope that the administration will also prioritize partnership with the private sector as we work together to tackle this important issue.”

The Trump administration appears to be taking the hint. President Trump’s proposed fiscal 2018 federal budget allocates $1.5 billion for Homeland Security to tackle cybersecurity, including protecting critical infrastructure.

The budget proposal also directs the agency to ramp up cyber information sharing with federal agencies and the private sector for faster response times to attacks on federal networks and critical infrastructure.

White House homeland security adviser Thomas Bossert emphasized at a recent conference that protecting critical infrastructure at greatest risk will be a priority of the new administration on cybersecurity, second only to safeguarding federal networks. He said that the new administration plans to partner with the owners and operators of critical infrastructure to achieve this goal.

Brenner warned that previous administrations have engaged in “aspirational happy talk” about defending critical infrastructure without taking action.

Among the major recommendations put forth by the MIT experts is that Trump should elevate his cybersecurity coordinator to the position of deputy national security adviser for cybersecurity and empower him to work with the Office of Management and Budget to implement long-term policy across the government.

The report also recommends that the new administration consider creating incentives for businesses to produce and use more secure hardware and software in critical infrastructure after representatives of the energy, oil and natural gas sectors said these materials were a “significant source of cyber vulnerabilities.”

Perhaps the most significant finding of the study, Brenner said, was the recommendation to remove portions of key infrastructure, like the electrical grid, from the internet.

“We concluded, and with enormous support from the many cybersecurity officials in the industry that we talked to, that you cannot make critical infrastructure reasonably safe if you don’t isolate key elements of it from public networks,” Brenner said.

“We’re going to have to work closely with the private sector to discuss what do we mean by isolation, how isolated, and how long would it take to do this, and what would it cost, and what kind of incentives can we give companies to do it?”

Brenner said that the MIT report — compiled over two years — could serve as a complement to Trump’s forthcoming cybersecurity executive order, which is expected to focus on securing federal networks.

It is unclear when the White House will finalize the revised executive order, the signing of which was abruptly delayed in January.