How the U.S. Federal Government May Protect Critical Infrastructure, Industry
Congressman C.A. Dutch Ruppersberger (D-MD), a member of the House Appropriations Homeland Security Committee, has issued a report calling on the board’s subcommittee to reallocate funding to improve the cyber safety of the country’s critical infrastructure and private industry.
The legislator’s report, compiled from some 50 briefings, meetings and roundtables in the last year with stakeholders, advocates for closer security collaboration between the public and private sectors. Ruppersberger offered specific recommendations to the subcommittee to strengthen the Department of Homeland Security’s (DHS) cybersecurity efforts.
The report includes seven specific suggestions for the subcommittee:
- Hold its first cybersecurity-specific budget hearing during FY2019.
- Support DHS’s efforts to protect against the threats posed by the leak of exploitable vulnerabilities. (See Shadow Brokers.)
- Back DHS’s efforts to protect against threats targeting industrial control systems, such as the energy grid.
- Evaluate the merits of shifting funding for cyber research and development from the Science & Technology Directorate to the National Protection and Programs Directorate (NPPD), as proposed in Trump’s budget for FY2019.
- Focus on DHS’s efforts to improve the way the government and private sector share information about potential and confirmed cybersecurity threats.
- Explore alternative organizational structures within the government to better execute the cybersecurity mission
- Evaluate DHS’s implementation of President Trump’s National Infrastructure Advisory Council recommendations.
“We can no longer rely solely on reactive indicator-based sharing programs to protect against and deter increasingly sophisticated threat-actors that are rapidly adapting and changing their tactics, techniques and procedures,” Ruppersberger wrote in the report.
“Government agencies and industry need to develop and deploy better, more meaningful threat intelligence that communicates context of impact and furthers prioritization efforts to ensure greater resilience for their information and networks,” he said. “It is also critical that the government finally make good on its promise to demonstrate a value to the private sector of sharing threat intelligence.”
The Congressman paid special attention in the report to nation state threats on the country’s critical infrastructure. “The subcommittee should consider funding additional Department work on protecting industrial control systems and other operational technology, particularly given the extensive use of such systems in critical infrastructure facilities,” Ruppersberger wrote.
In February, the Trump administration asked Congress for $3.4 billion to fund a DHS division tasked with battling cyber threats to federal networks and critical infrastructure. Trump has proposed moving cyber research and development to the NPPD from its current home at the Science & Technology Directorate. In late April, Trump sent Congress a long-awaited, classified cybersecurity report detailing U.S. policy for defending the country against foreign nation state hackers.
Meanwhile, the turf war between various government agencies over cybersecurity policies and programs is stymieing DHS proposed legislation, U.S. senators said, pointing to disagreement with the Senate Intelligence Committee, The Hill reported. One reason for the incessant territorial tussles is the absence of a single federal agency to oversee cybersecurity. Responsibilities for their own networks is spread among a myriad of agencies.
“The reality of the situation is there is conflict here,” said Ron Johnson (R-WI) at a hearing last Wednesday, according to The Hill. “This threat is too significant to allow turf wars to get in the way of as efficient an operation as possible in terms of dealing with a very complex and serious problem.”