Energy & Manufacturing

Cybersecurity: Ensuring Prosperity and National Security in a Digital Economy

 

Background
America’s critical infrastructure is an integral part of national security and homeland security. Maintaining the 16 critical infrastructure sectors, which include critical manufacturing, energy, financial services and transportation, requires coordinated action on the part of government (federal, state, and local), the private sector, and the U.S. military. 

The U.S. military has acute dependence on critical infrastructure both domestically and internationally.  The Department of Defense has over 15,000 computer networks among 4,000 worldwide installations, and approximately ninety-eight percent of U.S. government communications travel over civilian owned and operated networks.[1] In fact, roughly eighty-five percent of U.S. critical infrastructure is privately owned or operated, and these networks are highly vulnerable.  The significant cybersecurity threat jeopardizes America’s critical infrastructure and, along with it, the economic viability of U.S. businesses and the freedoms Americans exercise every day.

Despite the notable risk cyber threats pose to American prosperity, there is a wide disparity in investment, maturity, coordination and training on cybersecurity across the various critical infrastructure sectors. According to the US Bureau of Labor Statistics, in 2016 the cybersecurity field experienced an increasing  shortage  of  practitioners  with  over  a  quarter-million  positions  remaining  unfilled  in  the  US  alone  and  a  predicted  shortfall  of  1.5  million  cybersecurity  professionals  by  2019.  Yet cyberspace is the nervous system of critical infrastructure sectors– both in terms of traditional information technology and operational technology.

According to the Department of Homeland Security, 56 percent of all cyber incidents against critical infrastructure in 2013 were directed at energy infrastructure, mostly the electric grid.  In the 2017 Verizon Data Breach Investigations Report, it reported that 63% of breaches of manufacturing and utilities were cyber-espionage related with the majority of those attacks were triggered by phishing.  Almost ¾ of breaches were attributed to state-affiliated threat actors2.  This figure has declined as cyber-attacks against other critical infrastructure have grown, but the threat to our energy infrastructure remains high. Failure to take responsible action leaves the U.S. vulnerable to a variety of threats. Nation-states such as Russia, China, and Iran threaten U.S. critical infrastructure and assets in the interest of furthering their objectives. Cyber espionage is rampant, with U.S. companies estimated to be losing a staggering $300 billion every year in intellectual property.

Rapid advancement in cyber technology development is being fueled by industry modernization, e-commerce and consumer entertainment.  The interconnectedness and openness made possible by the Internet and broader digital ecosystem create unparalleled value for society. But these same qualities make securing today’s cyber landscape difficult.  Technological advancement is outpacing security and will continue to do so unless we change the way we approach and implement cybersecurity strategies and practices.  

Objectives
The Council, in partnership with Pacific Northwest National Laboratory, Verizon Enterprise Solutions and Carnegie Mellon and key representatives from other National Labs, industry, academia, propose to host three dialogues, each with 30-40 experts, focused on the challenges and cybersecurity coordination required in each of the following areas: 

  • Industry – examining both the role of the private sector in U.S. critical infrastructure, the differences in priorities across various sectors, and U.S. industry reliance on critical infrastructure operations. Read the report here.
  • National Security – with specific focus on the domestic critical infrastructure dependence and challenges in cybersecurity collaboration with OGA and the private sector; along with a unified concept of operations and cybersecurity coordination (detection through response). Read the report here.
  • Government – examining the role of government in bridging the gap with private industry, encouraging appropriate information sharing, and modeling their correct role(s) and responsibilities in the innovation cycle.

The findings and recommendations around the six key themes garnered from each of the three dialogues will be synthesized into a national agenda articulating a policy doctrine on American cybersecurity. 

From that doctrine, we will identify the “tent pole” actions that must be taken by specific organizations to meet the challenges and capitalize on the opportunities presented in the doctrine. 

This doctrine will be shared widely with Congress, the Administration industry leaders and academia to drive action and protect American interests from the growing threat of cyber attack.

Cybersecurity Industry              Cybersecurity National Security Cover

View the agenda for Cybersecurity: Ensuring Prosperity in a Digital Economy (Industry) - February 7, 2018

View the agenda for Cybersecurity: An Issue of National Security - April 25, 2017

View the agenda for Cybersecurity: Engaging Government & Policymakers - June 19, 2018

 
This site uses cookies in accordance with our Privacy Policy. To continue browsing our site and consent to our use of data by cookies, click "I Understand."
I understand