The need to protect critical infrastructure from the actions of those who seek to harm the nation came into sharp focus following the attacks of 9/11.
Since that time, the US government has identified 16 critical sectors whose “assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
These are ominous words indeed. If your business operates in one of these sectors, no doubt you have spent a few sleepless nights considering the threats to your organization and the actions needed to counter them.
The Internet of Things and Other New Threats
Unfortunately, with the rise of the Internet of Things and the increasingly complex cyber supply chain, the threats have only grown in number and complexity, leading some experts to ask, “Is anything not critical infrastructure?” Recently, lawmakers have pointed to cyber attacks on Ukraine’s power grid and election-related hacks to stress the need for new, more effective countermeasures to protect critical infrastructure.
However, they concede government can only do so much. With an estimated 85% of critical infrastructure privately owned, there’s a clear need for government to strengthen partnerships with the private sector.
Developing an Effective Public/Private Partnership
Among those leading efforts to strengthen the public-private sector partnership is Fortinet’s Chief Information Security Officer, Philip Quade. Mr. Quade, who has served as the NSA director’s special assistant for cyber and chief of the NSA Cyber Task Force, warns that the evolving nature of the threat means we can no longer “bring a knife to a gunfight.”
He also cautions that the problems are complex and that there are no easy, quick fixes. What is needed is a sustained effort in which the public and private sectors adopt new ways of collaborating to identify specific risks, prevent them, and engineer them out of critical systems.
In an interview with Network World, Quade recommends a 5-step strategy:
- Bring together leaders and stakeholders from the private and public sectors to share information and expertise, and take meaningful actions that address problems as they are identified through integration and influence, not control.
- Shift focus from identifying bad actors to determining and addressing consequences to enable a more timely, effective response to unexpected threats.
- Develop information-sharing platforms to automate contextual exchanges across critical infrastructure entities and between IT and OT (operations technology) infrastructures, with a focus on identifying and mitigating threats before they lead to system compromise.
- Break down silos between OT, IT and physical security to leverage the strategies, technologies and expertise that span all three.
- Establish a common vision for securing critical infrastructure with governance constructs to provide oversight and assistance while encouraging participation and compliance.
The threat to our critical infrastructure is real, and a successful attack could be devastating to business, government and the public. A Fortinet Platinum Partner, Resilient has the expertise and cybersecurity technology to help you join the effort to protect our nation’s critical infrastructure while ensuring that your organization thrives in an increasingly dangerous and interconnected world.