Cybersecurity

Can collaboration defend U.S. critical infrastructure?

power lines at sunset

America's power supply system is at risk of a cyberattack, NSA director warns. (Stock image)

Vulnerabilities in critical infrastructure, particularly through cybersecurity gaps, are a top concern for government officials and lawmakers. Legislation to address those gaps so far has failed, and key partnerships are crucial to shoring up weaknesses as best as possible until a bill passes, officials say.

Cybersecurity legislation recently passed the House and is moving onto the Senate after failing last year. Without it, however, certain sectors are at a serious security risk. Power companies and other utilities are particularly vulnerable, but collaboration among government agencies and with the private sector is critical, according to Gen. Keith Alexander, National Security Agency director and commander of U.S. Cyber Command.

"When you talk about legislation and developing standards, the power companies are really the ones who have the biggest problem, because if you say, 'We want you all to be here,' some of them can't get there," Alexander said, referring to cybersecurity standards. "I've heard people [say] they're 'below the poverty line' in cybersecurity. For them to leap above it, they don't have the cash on hand to do it. So to set a standard they can't meet is very difficult, and that's part of the pushback. This is one of the big problems we have."

Alexander called on members of industry attending a Northern Virginia Technology Council event on May 10 to help push for legislation, and he tried to clarify the intent of laws that would permit e-mail monitoring for malicious activity – emphasizing that the monitoring would involve no personally identifiable information.

Keith Alexander, DOD photo

Gen. Keith Alexander

"It's not hard technically, but it is hard for our nation to understand. The immediate thing people jump to is civil liberties and privacy; 'you're going to read all our email.' Let me make it clear we are not," he said. "We're asking for industry to look at that and tip that in a meta-data-like sense back to us."

Alexander said if such a measure does not pass, a future attack might lead to hastily written legislation in the future. "[T]wo years after that, we'll say, 'How did we do such terrible legislation?' We have the time to do this now, to get this right, and we should do that."

Meanwhile, agencies and industry are collaborating as best as they can with the current laws, he said. Alexander has frequently discussed the divisions of cybersecurity responsibilities between NSA, CyberCom, Homeland Security Department and the FBI, which he reiterated at the NVTC event. He also called for new guidance to better define how agencies and industry should collaborate.

"Industry owns 90 percent of this space. The government has a responsibility to help defend this space. We've got to come up with a framework for how government and industry work together," Alexander said. "What we're going to have to do is work with each of the sectors, and that's where the framework will come in – to help them get to the right standards. We have a long way to go, and that's a vulnerability we are concerned about, as are other sectors of our government."

It is an idea that DHS shares, according to Joe Jarzombek, director for software assurance within DHS' Office of Cyber Security and Communications.

"You look at the nation's critical infrastructure, and everyone relies on it...but the government does not own or operate it. Therein lies the collaboration needs," Jarzombek said at another industry event earlier in the week. "The point is that within the federal government, we're starting to move forward in this in the same manner... we have a responsibility of helping those who run our critical infrastructure."

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.