America’s cybersecurity in context, not panic mode

The Wall Street Journal in January printed a detailed exposition on the vulnerability of our critical infrastructure, specifically calling out the Federal government’s admission of Russian hacking into parts of our nation’s electrical grid. While sensational, no light was shed on efforts underway to mitigate such incidents or to put into context the risks or consequences of those same incidents. Context is needed in order to fully understand the real risks associated with a serious cyberattack from Russia on our nation’s energy supply or other assets such as dams, banking systems and the internet.

Last summer, the Department of Homeland Security hosted its first-ever National Cybersecurity Summit, bringing together some of the senior-most cybersecurity officials across government including cabinet officials and the Vice President, industry CEOs, and representatives from some of the largest companies in the world. The Administration is to be applauded for its efforts, as there is a clear need for a coordinated, cross-sector, government-industry effort to protect our nation’s critical infrastructure from the growing cybersecurity threat.

Within the Federal government, DHS is tasked with leading efforts to champion a coordinated, integrated approach. At the Summit, Homeland Security Secretary Kirstjen Nielsen announced the creation of the National Risk Management Center, which will focus on evaluating threats and defending US critical infrastructure against hacking. The center will focus on the energy, finance, and telecommunications sectors. “We are reorganizing ourselves for a new fight,” said Nielsen, who described the new center as a “focal point” for cybersecurity within the federal government. These efforts are encouraging and should be welcomed.

Then, in September, the Administration released its 2018 National Cyber Strategy, outlining the steps the federal government is taking to advance an open, secure, interoperable, and reliable cyberspace. It stated that the State Department “supports the multi-stakeholder model of Internet governance against attempts to develop state-centric governance models and rejects the use of spurious cybersecurity concerns as a pretext for digital protectionism.”

And this from the report:

"…we are addressing malicious state-sponsored cyber activity that is inherently destabilizing and contrary to the national interests of the United States and its partners and allies. Through cooperation with foreign partners and allies, and engagement with other stakeholders as appropriate, we advocate for a framework of responsible state behavior in cyberspace built upon international law, adherence to voluntary non-binding norms of responsible state behavior that apply during peacetime, and the implementation of practical confidence building measures to reduce the risk of conflict stemming from malicious cyber activity. We also work to ensure that there are consequences for disruptive cyber behavior that harms the United States and our partners…"

In other words, the federal government, including the Pentagon and other national security agencies, is working to protect against cyber-attacks on our critical infrastructure by Russia and other state and non-state actors. This includes creating real deterrents through potential symmetrical retaliation. We are not sitting ducks, just hoping that no one attacks us.

As we start a new legislative cycle with new congressional balances, we need to rack and stack priorities, risks, costs and benefits with rational thought, not just restating fears. The Administration has made some headway in establishing frameworks for constructive engagement between government, private sector, and international actors. More needs to be done, but fear mongering only inflates the capabilities of our adversaries.

Setting standards for security of critical infrastructure and training personnel for secure operations is one such focus area requiring further discussion, analysis and collaboration. Clarifying the risks and rewards for collaboration within industry and between public and private sectors is another area worth further development.

Cybersecurity is abuzz with activity. Providing a more structured framework for discussion and promotion of the public safety can only enhance our national security and the public good.

Gregory T. Kiley is a former senior professional staff member of the Senate Armed Services Committee and U.S. Air Force Officer.