Few people would dispute that the United States is in the cross-hairs when it comes to cyber attacks. After all, the U.S. is the country that is the most dependent on the Internet as a component of our critical infrastructure.
Cyber attacks on our critical infrastructure have evolved over the years and pose a substantial threat that should concern everyone.
Gen. Keith Alexander, who leads U.S. Cyber Command and is also director of the National Security Agency, was asked at the Aspen Security Forum last month to rate how prepared the U.S. is to deal with a cyber attack on the nation’s infrastructure.
Gen. Alexander replied, “From my perspective I’d say around a 3” (on a scale of 1 to 10), according to a CNN report. Basically, that’s an “F.”
His comment has left many asking why is the U.S. still in this position when it comes to cybersecurity?
The risk of cyber attacks that target critical infrastructure has been known for a few years. Multiple reports have been written on the subject like the one recently released by European Network and Information Security Agency.
The answer is the same as with most questions today: MONEY! But it also goes deeper than that.
Unlike most countries, most of the U.S. critical infrastructure is privately owned. The owners want the government to pay for them to take the measures to reduce or mitigate this well known risk.
Experts believe the clock is ticking and it is just a matter of time until we experience a successful cyber attack on our infrastructure.
In July the New York Times published a piece covering military officials stating that a 17-fold increase in cyber attacks targeting the U.S. critical infrastructure took place between 2009 and 2011.
Given the widely publicized threats our critical infrastructure face and reports of a substantial increase in serious attacks that are reported by federal authorities, this is clearly a foreseeable risk. As such the utilities must address this risk or face claims of negligence. Let’s not wait until it is too late!
Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute where he provides consulting services on strategic technology and security issues. He writes a weekly blog for Breaking Gov on the topic of cyber intelligence.