Cybersecurity

Protecting physical infrastructure with cyber

The National Protections and Program Directorate's reorganization is still awaiting congressional approval, but the under secretary for the Department of Homeland Security's cyber division has a clear sense of mission, and a clear message to agencies and companies preparing for cyber threats: the way to minimize physical consequences to critical infrastructure is by prioritizing a "holistic" view of cybersecurity.

Speaking at the MetricStream GRC Summit April 27, Suzanne Spaulding said that preventing "devastating" physical consequences to America's most critical infrastructure relies on a strong cyber front.

"When a lot of people think of infrastructure, they think of roads and bridges… But it is so much more than that," said Spaulding. "It's so easy to cede [cybersecurity] to the technical folks and to put this in a stovepipe, that it's only about IT systems and networks, when really it has to be a part of that broader conversation about that functionality within those critical infrastructures."

Spaulding cited the hacking of the Ukrainian electrical grid as a "watershed" real-world example of cyber threats posing physical consequences for infrastructure on which citizens depend.

"We saw for the very first time a cyber attack that brought down critical infrastructure upon which civilian populations depend," she said of the attack, which resulted in power outages for over 225,000 Ukrainians. "But the methods used were not all that sophisticated. We know how to mitigate those."

Spaulding estimated that "90 to 95 percent" of malicious cyber activity, mostly stemming from social engineering and spear phishing, could be solved by basic cyber hygiene, and quickly resolved by being prepared for the "what if" in the event of a cyber attack.

She applauded the preparations in place that allowed Ukraine to restore power "in six hours," despite the widespread effects of the grid hacking.

Spaulding also said the DHS division's name change, to Cyber Infrastructure Protection, is more than mere verbiage.  She contended it represents a shift towards being an "operational component" of DHS. This reflects the "activity we are now taking every single day all across the country… to better manage risks and our focus is on enhancing the security and resilience of our nation's critical infrastructure," Spaulding said.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.