Cybersecurity: Public and Private Interests
Who is Responsible?
The Department of Homeland Security insists that the "security and resilience of [this] critical infrastructure is vital not only to public confidence, but also to the Nation's safety, prosperity, and well-being".
This begs the question...
Whose job is it to shore up the private sector's cybersecurity defenses?
The American Way of Life
Critical Infrastructure and Essential Services
November is Critical Infrastructure Security and Resilience (CISR) Month. It is essential to understand that the Nation's critical infrastructure continuously provides essential services which sustain the American way of life including the electric power we use in our homes and businesses, the transportation systems that get us from place to place, the first responders and hospitals in our communities, the farms that grow and raise our food, the water we drink or the stores we shop in, as well as the Internet and communication systems we rely on to connect to our broad networks.
The Department of Homeland Security insists that the "security and resilience of this critical infrastructure is vital not only to public confidence, but also to the Nation's safety, prosperity, and well-being". Cyber-attacks continue to cast a dark shadow over the otherwise brilliant cyber world as a major security threat to American infrastructure. Both public and private sector entities are victims of an increasing number of security breaches. In this segment we will cover some specific targets hackers are taking aim at domestically in the United States. We will also identify some of the solutions being discussed by academic leaders and industry professionals, as well as the friction currently impeding progress towards a more secure and resilient infrastructure.
The Private Sector
Attackers and hackers can come from just about anywhere, both abroad and within the United States. Determining their motives is not always easy, since their goals vary. Some seek to steal industrial secrets, while others are digging for consumer data, which has itself become a $200 billion industry. Still other hackers seek only to cause disorder, interfering with networks and bringing the cyber productivity of businesses and individuals to a screeching halt. It is well known that personal information is at risk of theft both through personal devices and through breaches of massive data stores held by companies or government organizations. The Privacy Rights Clearinghouse has published an updated list of reported data breaches, showing that more than 534 million personal records in the form of Social Security Numbers and financial account information have been compromised since 2005.
Even though these numbers are staggering, the real losses are coming from the private sector, where businesses are under fire for lax security. Corporations and individuals are targeting soft spots in competitors' networks, leading to industry secrets being stolen. This in turn decimates returns on research investments and compromises any advantage that proprietary information, disruptive technologies, or business practices would have had in the market.
Small businesses and large corporations alike are increasingly becoming targets for cyber attacks and data breaches because their less-than-adequate security measures place consumers' data at great risk. So whose job is it to shore up the private sector's cyber defenses? The answer may be more complicated than you'd expect. If the direct cost of providing better security measures for private business information and consumer data is greater than the perceived risk of maintaining current levels of security, then the average shareholder or CEO may not find better security to be in their best interest. This lack of concern may cause consumers and the economy as a whole a lot of trouble.
If it is then the government's job to step in and create regulations to increase cyber security measures in the business sector, we had better expect opposition from businesses that consider this a threat to their ability to operate flexibly, or that believe such mandates should be subsidized by the government itself. Phillip Bond, president and CEO of TechAmerica, a technology industry association, has said that "it is crucial that Congress act and pass national legislation addressing security and data breach." But perhaps the form of that requirement should be ambiguous, as he suggests: a smart way to approach this problem is not to enforce specific obligations, but only to set a goal and leave it up to businesses to find a solution tailored to their needs.
Connecting the Dots
The Internet of Things (IoT)
Many struggle to connect the dots between the laggards of the private sector and the growing concern of the federal government. This disconnect is easily bridged when you consider the nation's critical infrastructure. According to Steven Low, Professor of Computer Science and Electrical Engineering at the California Institute of Technology, "We are at the cusp of a historic transformation of our energy systems", and due to the birth of the industrial internet, otherwise known as the Internet of Things, "The power network, from generation to transmission and distribution to consumption, will undergo the same kind of architectural transformation in the coming decades that computing and the communication network has gone through in the last two." This means that in the future our electric grid and water utilities, along with most if not all aspects of this nation's infrastructure, will be connected by "hundreds of millions of distributed energy resources such as solar panels, wind turbines, electric vehicles, energy storage devices, smart buildings, smart appliances, smart inverters", and each of these will communicate with the others. Such a future will mean incredible efficiency and tremendous gains in productivity.
The challenge is that the Internet of Things is, for the time being, a double-edged sword due to the unwillingness or lack of cyber awareness within private industry. Each of those hundreds of millions of interconnected devices acts as a weak point that hackers could target and wreak havoc on; even a small breach could have devastating effects across widespread areas. But fear not: even now, research is being done in anticipation of these problems. Professor Low insists that "Intelligence will be embedded everywhere, from solar panels and electric vehicles to smart appliances and energy storage devices, from homes to micro-grids to substations." The kind of intelligence Professor Low is talking about in his Smart Grid research points to innovative measures which turn these formerly rigid and susceptible orthodox networks into complex, reactive systems which can stop the spread of the effects of an attack instead of propagating them.
The cyber world is ever changing and we must evolve with it. As individuals and as large corporations we now face decisions that could have a dramatic impact on life as we know it. We must make the conscious choice to become more aware of our new surroundings and to take precautions to help create a more secure and resilient cyberspace for everyone to use. The government will face tough decisions on how to speed this process along, but not everything is doom and gloom; people like Professor Steven Low, who carry the torch to light the way to a brighter future, embody the same mission that all of us at the National Cyber Partnership pursue. Together we will create a workforce and cyberspace environment to combat those who seek to take advantage of the system, sow discord in our society, and threaten our national security.
Visit the Department of Homeland Security website to learn more about: Critical Infrastructure Security and Resilience Month