An Infrastructure Plan in the 21st Century Needs to Address Cybersecurity

Shortly before tonight’s scheduled State of the Union address, U.S. President Trump released a long-awaited infrastructure plan. Its focus on upgrading our roads, bridges, tunnels and other physical infrastructure is welcome. But we need to do more than address these weak brick-and-mortar foundations. A real 21st century infrastructure plan needs to integrate digital infrastructure into physical upgrades and invest in innovative technologies that will keep America globally competitive and secure. 

Today, it’s just a fact that the technology which makes things like education and healthcare more accessible to more Americans – the rise of cloud, mobile and IoT – also makes us more vulnerable to cyberattacks. The stakes could not be greater, particularly when it comes to our critical infrastructure.

Cyberattacks on critical infrastructure are rising

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) recently detected coordinated efforts by malicious actors to compromise our critical infrastructure, including those organizations involved in government, aviation, power production, energy production and critical manufacturing sectors. Further, the U.S. Department of Energy reported last year that America’s electricity infrastructure was in “imminent danger” from cyberattacks that are “growing more frequent and sophisticated.”

It’s no surprise that cyberattacks on critical infrastructure are rising. Organizations in the sector are high-value targets because they’re weakly defended systems that, if hacked, could help disrupt a network of utilities or oil and gas companies, potentially cutting off essential public services such as electricity, gas and water.

Ensuring security of critical infrastructure requires collaboration

So, how can the federal government ensure the security of critical infrastructure in the implementation of a broader infrastructure plan?

For starters, government regulators need to work with industry to develop standards. For example, the Federal Regulatory Commission (FERC) proposed new rules to protect the power grid from cyberattacks and the U.S. Department of Commerce is expected to issue an update to its cybersecurity framework for critical infrastructure early this year. These are both laudable steps.

But, in an environment where attacks are probable more than possible, early detection is key. Every organization needs to proactively develop the tools and capability to rapidly respond and recover in the event of a breach or attack. That’s why Tenable recently began a partnership with global energy leader Siemens to help operators of critical infrastructure continuously monitor both their traditional IT environment and Industrial Control Systems (ICS) environment for indicators of compromise, proper configuration, the presence of vulnerabilities and changes of state to the endpoints.

The public and private sectors also need to work together to assess the security of critical infrastructure sectors and develop a risk-based approach to address it, similar to the widely successful NIST Cybersecurity Framework. More broadly, we need tech advocates in Congress like Reps. Will Hurd and Gerry Connolly to play a leading role in ensuring the latest technology and security solutions are seeded into proposals for new construction and upgrades.

Smart infrastructure investments must address digital infrastructure, too 

The bottom line? If America is going to invest $1 trillion in our infrastructure, it must include significant investments in digital infrastructure, so that we can take advantage of new innovations which will save lives, boost our economy and protect against the cybersecurity threats posed by a more connected society.

*** This is a Security Bloggers Network syndicated blog from Tenable Blog authored by James Hayes. Read the original post at: