The government needs strengthened cooperation between different sectors to deal with the impending growth of cyberattacks on critical infrastructure, according to a Homeland Security Advisory Council report approved Thursday.
The two-part, 90-page report from HSAC’s Cybersecurity Subcommittee keys in on the financial services, communications and electrical sectors, rather than addressing all 16 critical infrastructures, because of time constrains. In this interconnected trio of sectors, which face a rapid increase in cyberthreats, there is “no such mechanism for large-scale operational coordination,” the report says.
Rather, the council found, many “infrastructure sectors have largely focused on coordinating operations within each sector.” Therefore, in the case of a cyberattack, the report warns that the infrastructure systems would struggle to support each other through collaboration.
“When it comes to cross-sector support, our infrastructures are nowhere close to where they need to be,” HSAC Cybersecurity Subcommittee Vice Chair Paul Stockton told FedScoop.
Imagine a major cyberattack occurred in an electrical grid, he said. To help return it to normal, it would need the help of telecommunication or financial sector to address the issue and make sure no future problems occur. As it stands now, Stockton said the electrical field would struggle to communicate with these other sectors, resulting in a slower, less complete recovery.
The report also stresses the likelihood that an attack on one or more of these infrastructures could have cross-sector, collateral implications.
As a solution, the report recommends updating the National Cybersecurity Incident Response Plan to drive better cooperation among the sectors. It also recommends that government develop an operational flow chart alongside the plan.
The NCIRP should “help the three sectors and their government partners prioritize and accelerate restoration of services in a contested environment,” the report says.
With the updated NCIRP, the report recommends creating assistance groups, such as a cross-sector emergency response team or a lifeline sector executive steering committee, to respond during attacks on one of these major sectors.
“This report offers recommendations to meet a poorly understood but absolutely vital challenge for U.S. cybersecurity: ensuring that infrastructure sectors can work together to restore critical services after a cyberattack…” the report says.
This is the first report created by the HSAC Cybersecurity Subcommittee, which Homeland Security Secretary Jeh Johnson created last August. The committee unanimously voted to pass the report during Thursday’s open session.
The cybersecurity subcommittee is composed of 22 different members from both the private and public side of the tech industry.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com. Follow him on Twitter @JeremyM_Snow. Sign up for the Daily Scoop — all the federal IT news you need in your inbox every morning — here: fdscp.com/sign-me-on.