1st Edition
Securing the Nation’s Critical Infrastructures A Guide for the 2021-2025 Administration
Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help the United States Executive administration, legislators, and critical infrastructure decision-makers prioritize cybersecurity, combat emerging threats, craft meaningful policy, embrace modernization, and critically evaluate nascent technologies.
The book is divided into 18 chapters that are focused on the critical infrastructure sectors identified in the 2013 National Infrastructure Protection Plan (NIPP), election security, and the security of local and state government. Each chapter features viewpoints from an assortment of former government leaders, C-level executives, academics, and other cybersecurity thought leaders. Major cybersecurity incidents involving public sector systems occur with jarringly frequency; however, instead of rising in vigilant alarm against the threats posed to our vital systems, the nation has become desensitized and demoralized. This publication was developed to deconstruct the normalization of cybersecurity inadequacies in our critical infrastructures and to make the challenge of improving our national security posture less daunting and more manageable. To capture a holistic and comprehensive outlook on each critical infrastructure, each chapter includes a foreword that introduces the sector and perspective essays from one or more reputable thought-leaders in that space, on topics such as:
- The State of the Sector (challenges, threats, etc.)
- Emerging Areas for Innovation
- Recommendations for the Future (2021–2025) Cybersecurity Landscape
ABOUT ICIT
The Institute for Critical Infrastructure Technology (ICIT) is the nation’s leading 501(c)3 cybersecurity think tank providing objective, nonpartisan research, advisory, and education to legislative, commercial, and public-sector stakeholders. Its mission is to cultivate a cybersecurity renaissance that will improve the resiliency of our Nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders. ICIT programs, research, and initiatives support cybersecurity leaders and practitioners across all 16 critical infrastructure sectors and can be leveraged by anyone seeking to better understand cyber risk including policymakers, academia, and businesses of all sizes that are impacted by digital threats.
Foreword by Glenn Gerstall
Chapter 1 Chemical
1.0 About the Chemical Sector
Drew Spaniel
1.1 ICS Security in the Chemical Sector—Beyond CFATS
Edward J. Liebig
Chapter 2 Commercial Facilities
2.0 About the Commercial Facilities Sector
Pete Slade
2.1 Digital Supply Chain Security: What Happens When an Organization’s Trusted Solutions Can No Longer Be Trusted?
Pete Slade and Dave Summitt
Chapter 3 Communications
3.0 About the Communications Sector
Tyler Healy
3.1 Accelerating Intelligence to Action
Tyler Healy
3.2 Zero Trust for Critical Infrastructure Requires a New Focus on Secure Communications
Glen Gulyas
Chapter 4 Critical Manufacturing
4.0 About the Critical Manufacturing Sector
Chris Grove
4.1 Transitioning Critical Manufacturing to Cyber Resiliency
Chris Grove
Chapter 5 Dams
5.0 About the Dams Sector
Laura Whitt-Winyard
5.1 Under-Funding Dam Sector Cybersecurity Leads to a Flood of Threats
Laura Whitt-Winyard
Chapter 6 Defense Industrial Base
6.0 About the Defense Industrial Base
Travis Rosiek and Robert F. Lentz
6.1 Accelerating DIB Cyber Security and Information Sharing Transformation
Travis Rosiek and Robert F. Lentz
6.2 What Is CMMC and Why Is It Important
Dr. Darren Death
Chapter 7 Election
7.0 About Election Security: Perspectives on Past, Present, and Future US Political Campaigns
Brigadier General (ret.) Francis X. Taylor, Joseph Drissel, and Matt Barrett
7.1 Action Plan for More Secure Campaigns—Addressing the Gaping Hole in Our Electoral Process
Brigadier General (ret.) Francis X. Taylor, Joseph Drissel,
and Matt Barrett
7.2 Preparing for the Future of Election Security—Recommendations for the 46th President
The Center for Internet Security
7.3 The Race with No Finish Line: Securing the Next Election in the Wake of 2020
Matthew Travis
7.4 The State of Campaign Cybersecurity
Brigadier General (ret.) Francis X. Taylor, Joseph Drissel, and Matt Barrett
7.5 The Price of Liberty—Countering Long-Term Malicious Cyber Influences on Democratic Processes
José de Arimatéia da Cruz
Chapter 8 Emergency Services
8.0 About the Emergency Services Sector
Stanley J. Mierzwa and Lauren Spath-Caviglia
8.1 Case Study—Law Enforcement Digital Forensics and Investigations Review; Results of a Cybersecurity Workforce Readiness Survey
Stanley J. Mierzwa and Lauren Spath-Caviglia
Chapter 9 Energy
9.0 About the Energy Sector
Chris Luras, John Eckenrode, and Donald Heckman
9.1 Securing the Backbone of the US Critical Infrastructure
Chris Luras, John Eckenrode, and Don Heckman
Chapter 10 Financial Services
10.0 About the Financial Services Sector
Hitesh Sheth
10.1 Time for Financial Providers to Lead with Cybersecurity
Hitesh Sheth
10.2 Public-Private Partnership in Fighting the Cyber Threat
Timothy L. Callahan
Chapter 11 Food and Agriculture
11.0 About the Food and Agriculture Sector
Timothy Bengson and Itzik Kotler
11.1 For CPG Companies, a Zero Trust Security Strategy Is the Best Supply Chain Defense
Timothy Bengson and Itzik Kotler
11.2 Software Helps Feed America—How Do We Keep It Secure?
Rusty Sides, Justin Ruth, Will Berriel, Scott McBain, and Michael Deck
11.3 Trust in the Food and Agriculture Supply Chain Starts in the Dirt and Ends on Our Tables
Joyce Hunter
Chapter 12 Government Facilities
12.0 About the Government Facilities Sector
Donald Maclean
12.1 Zero Trust: Buzzword or Panacea?
Donald Maclean
12.2 Outdated and Left Behind: Improving and Innovating Our Government Facilities
Dr. Nikki Robinson
12.3 Recommendations for Securing Government Facilities
Dr. Ron Martin
Chapter 13 Healthcare and Public Health
13.0 About the Healthcare and Public Health Sector
Krishnan Chellakarai and Itzik Kotler
13.1 How to Navigate a New Era of Threats to the Healthcare Sector
Krishnan Chellakarai and Itzik Kotler
13.2 Direct Patient Care Subsector Cybersecurity State of the Union
Joey Johnson
Chapter 14 Information Technology
14.0 About the Information Technology Sector
John Fanguy
14.1 Cybersecurity and Zero Outage: Where CISOs and Mission Leaders Align
John Fanguy
14.2 Managing Global Supply Chains and Their Impact on US Critical Infrastructure: What Do Critical Infrastructure Sectors Need to Do,
Now and in the Future
Donald R. Davidson Jr.
Chapter 15 Nuclear Sector
15.0 About the Nuclear Reactors, Material, and Waste Sector
Drew Spaniel
15.1 “Security by Isolation” Inhibits Nuclear Sector Resilience and Potential
Drew Spaniel
Chapter 16 Local and State Government
16.0 About State and Local Government Cybersecurity
Rita Reynolds
16.1 Emerging Threats and Challenges Facing State and Local Governments and Why They Should Be Considered Critical Infrastructure
Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith
16.2 Innovations for State and Local Governments
Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith
16.3 Recommendations to Improve the Cyber Resilience of State and Local Governments
Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith
Chapter 17 Transportation
17.0 About the Transportation Sector
Jerry L. Davis
17.1 From the Ground, through the Air, and Beyond Out There: Over the Horizon Opportunities, Risks, and Challenges in the Transportation System Sector
Jerry L. Davis
Chapter 18 Water and Wastewater Management
18.0 About the Water and Wastewater Systems Sector
Dr. Bradford Sims
18.1 Florida Water Treatment Attack and the Implications for Critical Infrastructure and Cybersecurity—An Exegesis
Dr. Ian McAndrew
18.2 Adhering to 12-Stage Process for Achieving Cyber Secured Water and Sewage Operations
Daniel Ehrenreich
Closing
Conclusion
Joyce Hunter
Afterword: Some Things Change, Some Things Stay the Same
Suzette Kent
Biography
ABOUT THE EDITOR
As the Lead Researcher at the Institute for Critical Infrastructure Technology (ICIT), Drew Spaniel is an expert in information security and technology across the US critical infrastructure sectors. He serves the Institute as a technical expert in cybersecurity, technology, and data science, as well as emerging adversarial trends, threat actor profiling, and legislation and agency initiatives related to information security and privacy. Spaniel earned a Master of Science in Information Security, Policy, and Management from Carnegie Mellon University’s Heinz College and a Bachelor of Science in Applied Physics from Allegheny College.
