Lessons from Equifax: US needs secure technology networks in all public infrastructure

The very recent Equifax data breach was another ominous “wake-up call.” Americans were reminded once again that our data networks are very vulnerable.

More significant, though, is the fact that cyber attacks don’t just involve data breaches. Critical infrastructure can be compromised just as easily—water systems, electrical grids, airports and public transportation. Lives can be lost just as quickly as critical information and data.

Currently, the National Infrastructure Advisory Council has warned of a “watershed, cyber-attack” and the Department of Homeland Security (DHS) has called for government officials to explore new ways to combat cyberattacks through public-private collaborations.

Consider these:

• In 2016, an Iranian national was indicted for taking control of New York State’s Bowman Dam.
• Autonomous vehicles are controlled through technology networks.
• Public transportation relies on technology networks.
• Only half of IT Managers in government say they have ever even recommended cybersecurity changes.
• Even if changes were recommended, most governmental entities lack the funding that would be required to implement major changes.
• Russians were recently able to hack into some of America’s voting system networks.
• Most of the country’s public transportation relies on various types of technology networks.
• Cities are rushing to launch Smart City initiatives but the increased connectivity and greater reliance on technology networks make them even more vulnerable to cyberattacks.
• The U.S. is facing a skilled workforce shortage when it comes to cybersecurity and some 350,000 technology job openings in 2017 are unfilled.
• Additional collaboration with private-sector cybersecurity experts has not happened quickly.

However, some public-private collaboration is occurring. An Internet and Communications Resilience Working Group is functioning under the guidance of the Homeland Security Department’s National Security Telecommunications Advisory Committee. It is tasked with keeping the government up to date with industry advice related to cybersecurity.

Activity can also be seen in a few states. A Virginia Community College System Cyber Security Advisory Board has been created and an inaugural meeting was held recently. This board is composed of private security experts and government leaders whose objective will be to shape education curriculum and ensure that students are graduating with high-level technology skills related to cybersecurity.

A public-private partnership related to Cyber Disruption Response Strategy has been created in Wisconsin. The group is meeting monthly to discuss cybersecurity issues facing the state. Their work will include vulnerability assessments, response to incidents and the development of future technology strategies. Five private-sector utilities are a part of this working group.

The state of New York has established a specialized unit designed to set standards, provide cyber defense and incident response and issue guidance on cyber defense. Los Angeles has a Cyber Intrusion Command Center which now operates 24 hours a day. The center is responsible for monitoring the cyber health of the city. It brings together state, federal and private groups to share information and monitor threats.

The federal government, trying to address some of the vulnerabilities, has launched a cyber lab that will share information when breaches occur. It is composed of both public and private sector experts. Veterans are also being trained for cybersecurity jobs and other government programs are fostering collaboration between private-sector technology firms, universities, and civilian agencies. The General Services Administration (GSA) created a program that allows discounted cybersecurity training to government agencies.

The 2018 Global City Team Challenges sponsored by the National Institute of Technology and the Department of Homeland Security will focus on cybersecurity and how it should be developed for smart cities. It has become all too obvious that the connectivity in smart city initiatives creates huge vulnerabilities with critical infrastructure that controls transportation, emergency operations, and water systems.

It is truly a new and evolving world and technology challenges are daunting. The country’s technology systems are an important part of our national infrastructure – as much a part as our roads, bridges, electrical grids and water systems. This particular type of public asset must be protected, maintained and upgraded on a continual basis.

—

DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared are from sources that I believe to be reliable and accurate. I did not receive any financial compensation in writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.