Get Ready for Cyberattacks across Many Critical Networks
In a recent interview, I said that America’s adversaries “may not do us the kindness of attacking only a single infrastructure sector” in future cyberattacks. Let me take you through this dark scenario. Until now, electric utilities, telecom companies, financial institutions and other vital sectors of our economy have each focused on strengthening their own cybersecurity. These efforts are important, but not nearly sufficient.
In a recent study for Homeland Security Secretary Jeh Johnson, conducted by the Homeland Security Advisory Council (HSAC), which I co-chaired, my colleagues and I concluded that our adversaries might well use cyberwarfare to attack multiple infrastructure sectors at the same time. This prospect vastly complicates those industries’ separate efforts to restore electricity, telecommunications, financial transactions and other vital services when the United States faces cyberattacks on the systems on which our economy and national security depend.
Moreover, these critical infrastructure systems are extraordinarily interdependent. If a cyber-adversary takes down our power grid, our electric utility companies will rely on telecommunications systems to restore power — but those telecom systems rely on electricity to function. Similarly, the country’s key financial services companies rely on both the electric grid and telecom services to sustain the economy. Our recent HSAC report found that in a simultaneous strike on all three sectors, the government’s current response plans would fall far short.
The HSAC report offered a series of proposals to begin to address this serious shortfall. We urged Secretary Johnson to revamp the National Cyber Incident Response Plan (NCIRP), so the government can respond more effectively to private-sector requests for assistance in fighting our cyber-enemies. We also called for deeper engagement with governors in efforts to coordinate the restoration of services when several critical infrastructure system are attacked. The first principle in planning for such a scenario is to strengthen planning and coordination between private-sector infrastructure companies and all levels of our government.
These are very challenging tasks, but failing to take them on could leave America vulnerable to a potential nightmare scenario.