The United States benefits greatly from the use of cyber technology to facilitate every aspect of modern life – to operate the government, critical infrastructure, and general business and citizen enterprises.
These advantages, however, come with challenges. Reliance on information technologies and industrial control systems has made our nation highly vulnerable to foreign cyber-attack or intrusion.
In clear recognition of those vulnerabilities, the U.S. Congress has initiated action which may shape cybersecurity strategy and policy long into the future. Following issuance of the February 2017 Report of the Defense Science Board’s Task Force on Cyber Deterrence, the U.S. Senate Armed Services Committee held hearings on March 2 on the topic of “Cyber Strategy and Policy.” The Committee and its newly created Subcommittee on Cybersecurity are in the early stages of drafting legislation which may guide opportunities for defense and non-defense cyber-security companies to contribute to our nation’s defense and economic prosperity.
Significant threats
The United States faces significant cyber threats from a number of potential adversaries, most notably Russia, China, Iran, North Korea, and terrorist groups such as ISIS. As the daily headlines note, such attacks will only increase in frequency and in potential damage and costs in the coming decade.
As noted in a recent op-ed, U.S. Senator Mike Rounds, who chairs the new Senate Subcommittee on Cybersecurity, wrote:
“Senior officials at the Pentagon have been warning about a ‘Cyber 9/11’ or ‘Cyber Pearl Harbor’ for years. We already know that foreign actors have attempted to access the cyber domains of critical infrastructure in the United States.
Imagine what would happen if a foreign actor interfered with the operations of a nuclear power plant, or shut down the communications that control aircraft operations, rail operations or water releases from large dams. Such an attack on our critical infrastructure could threaten our entire economy or – worse – lead to loss of life. Without an appropriate plan in place to stop or respond to these cyber-attacks, we put ourselves at increased risk for a catastrophic attack to occur.”
It is the mission and responsibility of the new Senate Subcommittee to help establish and guide our nation’s policies and programs related to cyber forces and capabilities.
A role for industry
Speaking before the Committee earlier this year at a hearing on foreign cyber threats, Marcel Lettre, then Undersecretary of Defense for Intelligence, said: “We must continue to seek help from American industry -- the source of much of the world’s greatest technology talent -- in innovating to find cyber defense solutions, strengthen our deterrence, and build resiliency into our critical infrastructure systems.”
The nation’s 16 critical infrastructure segments include: chemicals, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, financial services, food and agriculture, government facilities, health care and public health, information technology, nuclear reactors and materials, transportation systems, and water and wastewater.
The February 2017 Report by the Task Force on Cyber Deterrence of the Defense Science Board of the Department of Defense stressed the need to enhance the “foundational capabilities” of our nation’s cyber-defense, particularly the development of innovative technological defenses and improved means of cyber attribution “to bolster deterrence of the most important cyber threats”:
“Enhance Foundational Capabilities: In addition to the measures outlined above, the Department of Defense and the broader U.S. Government must pursue several different types of capabilities, such as enhancing cyber attribution, the broad cyber resilience of the joint force, and innovative technologies that can enhance the cyber security of the most vital U.S. critical infrastructure.”
The recent creation of the new Senate Subcommittee promises to shape the next generation of policies and priorities in the improvement of cybersecurity with regard to our nation’s infrastructure and to offer defense and non-defense firms substantial opportunities to contribute to our national security through innovative technologies and services to ensure resilience and deterrence in a wide range of essential industries.