06 October 2018

National Security: Cyber Infrastructure Risk...

Is your organization a threat to National Security? That depends on whether you own, install, and maintain Critical Infrastructure. When you hear that term, "Critical Infrastructure" what comes instantly to mind? A bridge, a road or some other shovel ready project?

Yes, the hard leap for many to get their head around is that your cell phone, TV and Internet connection are vital "Critical Infrastructure" and if you are a Verizon, AT&T, Sprint or large cable company in the United States; National Security is a top of mind issue.

Is it possible that our country is at risk because of the same "Risk Management" paradigm that has plagued the Financial Services industry? A lack of resources and focus to deter, detect, defend and document risks to our critical infrastructure, could turn into a systemic and interdependent threat to our national security.

How can you make the case for a 2008 era economic meltdown in the financial services sector, to be similar to the potential failure of the Communications, Information Technology, Water or Energy sector?

It's easy. Look at human behavior and to the motivators of greed, selfishness and just plain blindness to a "risk bubble" just waiting to burst. Who will be the next Bear Stearns, in the Communications Sector?

The truth is, that some Fortune 500 companies marketing departments, may have a larger budget than the information systems, internal audit department and the security department combined. When the nuts and bolts, concrete and plumbing associated with electronic commerce, banking, and just plain mobile communications come to a slow crawl or halt in it's tracks, the government will have to do the same thing all over again.

Bail out or restore the industry and the companies, who are the lifeblood of our Critical Infrastructure.

Our National Security is at stake and the owners and operators are still waiting for the right incentives to invest in robust maintenance and security programs, instead of just more marketing. After all, market share is what shareholders ask about, along with how many new subscribers you won or lost last quarter.

How often do we hear the question at the shareholders meeting, that asks about the amount of downtime, failed systems or customers without service, as a result of a "Glitch" or fried circuit board?

So how does the electronic critical infrastructure really impact National Security?  The Department of Homeland Security (DHS) has the lead.  The mission is to lead the national effort to secure Critical Infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community.

"The Office of Infrastructure Protection (IP) leads and coordinates national programs and policies on critical infrastructure security and resilience and has established strong partnerships across government and the private sector. The office conducts and facilitates vulnerability and consequence assessments to help critical infrastructure owners and operators and State, local, tribal, and territorial partners understand and address risks to critical infrastructure. IP provides information on emerging threats and hazards so that appropriate actions can be taken. The office also offers tools and training to partners to help them manage the risks to their assets, systems, and networks."

A culture of risk management is slowly moving it's way into the Board Room conversations and the CEO may be on notice, if the "Tone at the Top" is not focused on Enterprise Business Resilience. However, that "Tone at the Top" needs to go beyond the shareholder value conversation, to the National Security topic.

One only has to look further in a few places on the "Net," to better understand what the offensive cyberwarfare conversation is all about, as the Advanced Persistent Threat (APT) has evolved in the past few years.

Once you understand that many cyber incidents with our U.S. Critical Infrastructure are just a test, then you will realize that U.S. shovel ready projects need a new public service announcement (PSA), with a shock value of texting while driving.

The risk of a specific kind of behavior on the road or the critical infrastructure complacency within the corporate enterprise, can have the same results. We have already nationalized the likes of AIG, Freddie Mac and Fannie Mae after the last financial crisis.

Perhaps it time to do the same for Amazon, Verizon, AT&T, Sprint and others, who are vital assets in our National Security and have them report directly to the Pentagon...think about it.

No comments:

Post a Comment