Crossroads Blog | CYBER SECURITY LAW AND POLICY

critical infrastructure, Cybersecurity

Cyber Round Up: DOE and MIT Sloan Partner Up for Grid Security, DoD Needs to Focus its Hiring Efforts, USCG RDML Thomas on Port Security

  • MIT Sloan and DOE Cyber Initiative (PR Newswire): The U.S. Department of Energy announced a $34 million initiative aimed at improving the U.S. grid, oil, and natural gas infrastructure from cyber threats, according to an article in PR Newswire.  The article states that MIT’s Sloan School of Management Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC³) will receive $3.5 million as part of this DOE program.  Furthermore, the article indicates that the University of Illinois Cyber Resilient Energy Delivery Consortium (CREDC), which is comprised of 11 national laboratories and universities (including IC³), is being awarded $22.5 million as part of this initiative.  According to the article, Prof. Stuart Madnick (the director of IC³) believes that we are facing a worldwide crisis in the context of cybersecurity and critical infrastructure.  The article indicates that some of the key projects being planned are:
  • the development of baselines and models that organizations can leverage for cyber-risk analysis, increased protection, and ROI calculations;
  • the application of lessons learned from “accident” prevention research to help prevent cybersecurity failures;
  • table-top exercises: simulation and modeling of cybersecurity resilience;
  • how to incentivize stakeholders to encourage effective information sharing; and
  • assessing and increasing C-suite adoption of and commitment to cybersecurity efforts.

The full text of the article can be found here. Previous blog coverage can also be found at this location.

  • The DoD Needs to Focus Cyber Hiring Efforts on Quality vs. Quantity (Task & Purpose): This article discusses U.S. hiring efforts for cyber professionals within the DoD and draws the analogy that this is like installing an elaborate security system and then leaving your front door unlocked.  In a world with finite resources the article also raises an interesting point concerning the impact to private organizations that are also competing for scarce cyber resources.  The article goes on to say that strengthening our cyber resolve through cyber professionals is only addressing part of the problem and that more needs to be done with respect to training users in safe cyber practices.  Finally the article points out that traditional theories of motivation may be outdated and the U.S. should consider focusing on the following: purpose, patriotism, and personal growth.  Private sector companies have taken a number of steps to boost employee morale; however the article acknowledges that salaries will at least have to be “fair” in order for recruitment to work.  The full text of the article appears here.
  • Update: USCG Testifies regarding Port Cyber Security (House.gov):  This written testimony is from United States Coast Guard Rear Admiral (RDML) Paul Thomas, Assistant Commandant for Prevention Policy, and was submitted to the House Committee on Homeland Security and the Border & Maritime Security Sub-committee.  In the testimony, RDML Thomas iterates that the USCG recently proposed three strategic priorities:
    1. defending USCG cyberspace;
    2. enabling Coast Guard operations;
    3. protecting critical maritime infrastructure.

To effectuate this, the USCG plans to look at the big picture using the term “cyber risk management” which also examines how the maritime transportation system (MTS) is reliant upon information technology systems to work within the global supply chain, according to the testimony.  RDML Thomas’ testimony also asserts that the USCG is looking at both cyberattacks and cyber accidents and developing an understanding of how to plan for and mitigate each.  This testimony indicates that the USCG is working with DHS as well as other government agencies to help identify cyber risks in the maritime industry.  The full text of the testimony can be found here; and for a discussion of the GAO report on Port security, see this previous post.

 

Leave a Reply