Cybersecurity

Protecting physical infrastructure with cyber

The National Protections and Program Directorate's reorganization is still awaiting congressional approval, but the under secretary for the Department of Homeland Security's cyber division has a clear sense of mission, and a clear message to agencies and companies preparing for cyber threats: the way to minimize physical consequences to critical infrastructure is by prioritizing a "holistic" view of cybersecurity.

Speaking at the MetricStream GRC Summit April 27, Suzanne Spaulding said that preventing "devastating" physical consequences to America's most critical infrastructure relies on a strong cyber front.

"When a lot of people think of infrastructure, they think of roads and bridges… But it is so much more than that," said Spaulding. "It's so easy to cede [cybersecurity] to the technical folks and to put this in a stovepipe, that it's only about IT systems and networks, when really it has to be a part of that broader conversation about that functionality within those critical infrastructures."

Spaulding cited the hacking of the Ukrainian electrical grid as a "watershed" real-world example of cyber threats posing physical consequences for infrastructure on which citizens depend.

"We saw for the very first time a cyber attack that brought down critical infrastructure upon which civilian populations depend," she said of the attack, which resulted in power outages for over 225,000 Ukrainians. "But the methods used were not all that sophisticated. We know how to mitigate those."

Spaulding estimated that "90 to 95 percent" of malicious cyber activity, mostly stemming from social engineering and spear phishing, could be solved by basic cyber hygiene, and quickly resolved by being prepared for the "what if" in the event of a cyber attack.

She applauded the preparations in place that allowed Ukraine to restore power "in six hours," despite the widespread effects of the grid hacking.

Spaulding also said the DHS division's name change, to Cyber Infrastructure Protection, is more than mere verbiage.  She contended it represents a shift towards being an "operational component" of DHS. This reflects the "activity we are now taking every single day all across the country… to better manage risks and our focus is on enhancing the security and resilience of our nation's critical infrastructure," Spaulding said.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.