1st Edition

Securing the Nation’s Critical Infrastructures A Guide for the 2021-2025 Administration

Edited By Drew Spaniel Copyright 2023
    314 Pages 21 B/W Illustrations
    by CRC Press

    Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help the United States Executive administration, legislators, and critical infrastructure decision-makers prioritize cybersecurity, combat emerging threats, craft meaningful policy, embrace modernization, and critically evaluate nascent technologies.

    The book is divided into 18 chapters that are focused on the critical infrastructure sectors identified in the 2013 National Infrastructure Protection Plan (NIPP), election security, and the security of local and state government. Each chapter features viewpoints from an assortment of former government leaders, C-level executives, academics, and other cybersecurity thought leaders. Major cybersecurity incidents involving public sector systems occur with jarringly frequency; however, instead of rising in vigilant alarm against the threats posed to our vital systems, the nation has become desensitized and demoralized. This publication was developed to deconstruct the normalization of cybersecurity inadequacies in our critical infrastructures and to make the challenge of improving our national security posture less daunting and more manageable. To capture a holistic and comprehensive outlook on each critical infrastructure, each chapter includes a foreword that introduces the sector and perspective essays from one or more reputable thought-leaders in that space, on topics such as:

    • The State of the Sector (challenges, threats, etc.)
    • Emerging Areas for Innovation
    • Recommendations for the Future (2021–2025) Cybersecurity Landscape


    The Institute for Critical Infrastructure Technology (ICIT) is the nation’s leading 501(c)3 cybersecurity think tank providing objective, nonpartisan research, advisory, and education to legislative, commercial, and public-sector stakeholders. Its mission is to cultivate a cybersecurity renaissance that will improve the resiliency of our Nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders. ICIT programs, research, and initiatives support cybersecurity leaders and practitioners across all 16 critical infrastructure sectors and can be leveraged by anyone seeking to better understand cyber risk including policymakers, academia, and businesses of all sizes that are impacted by digital threats.

    Foreword by Glenn Gerstall

    Chapter 1 Chemical

    1.0 About the Chemical Sector

    Drew Spaniel

    1.1 ICS Security in the Chemical Sector—Beyond CFATS

    Edward J. Liebig

    Chapter 2 Commercial Facilities

    2.0 About the Commercial Facilities Sector

    Pete Slade

    2.1 Digital Supply Chain Security: What Happens When an Organization’s Trusted Solutions Can No Longer Be Trusted?

    Pete Slade and Dave Summitt

    Chapter 3 Communications

    3.0 About the Communications Sector

    Tyler Healy

    3.1 Accelerating Intelligence to Action

    Tyler Healy

    3.2 Zero Trust for Critical Infrastructure Requires a New Focus on Secure Communications

    Glen Gulyas

    Chapter 4 Critical Manufacturing

    4.0 About the Critical Manufacturing Sector

    Chris Grove

    4.1 Transitioning Critical Manufacturing to Cyber Resiliency

    Chris Grove

    Chapter 5 Dams

    5.0 About the Dams Sector

    Laura Whitt-Winyard

    5.1 Under-Funding Dam Sector Cybersecurity Leads to a Flood of Threats

    Laura Whitt-Winyard

    Chapter 6 Defense Industrial Base

    6.0 About the Defense Industrial Base

    Travis Rosiek and Robert F. Lentz

    6.1 Accelerating DIB Cyber Security and Information Sharing Transformation

    Travis Rosiek and Robert F. Lentz

    6.2 What Is CMMC and Why Is It Important

    Dr. Darren Death

    Chapter 7 Election

    7.0 About Election Security: Perspectives on Past, Present, and Future US Political Campaigns

    Brigadier General (ret.) Francis X. Taylor, Joseph Drissel, and Matt Barrett

    7.1 Action Plan for More Secure Campaigns—Addressing the Gaping Hole in Our Electoral Process

    Brigadier General (ret.) Francis X. Taylor, Joseph Drissel,

    and Matt Barrett

    7.2 Preparing for the Future of Election Security—Recommendations for the 46th President

    The Center for Internet Security

    7.3 The Race with No Finish Line: Securing the Next Election in the Wake of 2020

    Matthew Travis

    7.4 The State of Campaign Cybersecurity

    Brigadier General (ret.) Francis X. Taylor, Joseph Drissel, and Matt Barrett

    7.5 The Price of Liberty—Countering Long-Term Malicious Cyber Influences on Democratic Processes

    José de Arimatéia da Cruz

    Chapter 8 Emergency Services

    8.0 About the Emergency Services Sector

    Stanley J. Mierzwa and Lauren Spath-Caviglia

    8.1 Case Study—Law Enforcement Digital Forensics and Investigations Review; Results of a Cybersecurity Workforce Readiness Survey

    Stanley J. Mierzwa and Lauren Spath-Caviglia

    Chapter 9 Energy

    9.0 About the Energy Sector

    Chris Luras, John Eckenrode, and Donald Heckman

    9.1 Securing the Backbone of the US Critical Infrastructure

    Chris Luras, John Eckenrode, and Don Heckman

    Chapter 10 Financial Services

    10.0 About the Financial Services Sector

    Hitesh Sheth

    10.1 Time for Financial Providers to Lead with Cybersecurity

    Hitesh Sheth

    10.2 Public-Private Partnership in Fighting the Cyber Threat

    Timothy L. Callahan

    Chapter 11 Food and Agriculture

    11.0 About the Food and Agriculture Sector

    Timothy Bengson and Itzik Kotler

    11.1 For CPG Companies, a Zero Trust Security Strategy Is the Best Supply Chain Defense

    Timothy Bengson and Itzik Kotler

    11.2 Software Helps Feed America—How Do We Keep It Secure?

    Rusty Sides, Justin Ruth, Will Berriel, Scott McBain, and Michael Deck

    11.3 Trust in the Food and Agriculture Supply Chain Starts in the Dirt and Ends on Our Tables

    Joyce Hunter

    Chapter 12 Government Facilities

    12.0 About the Government Facilities Sector

    Donald Maclean

    12.1 Zero Trust: Buzzword or Panacea?

    Donald Maclean

    12.2 Outdated and Left Behind: Improving and Innovating Our Government Facilities

    Dr. Nikki Robinson

    12.3 Recommendations for Securing Government Facilities

    Dr. Ron Martin

    Chapter 13 Healthcare and Public Health

    13.0 About the Healthcare and Public Health Sector

    Krishnan Chellakarai and Itzik Kotler

    13.1 How to Navigate a New Era of Threats to the Healthcare Sector

    Krishnan Chellakarai and Itzik Kotler

    13.2 Direct Patient Care Subsector Cybersecurity State of the Union

    Joey Johnson

    Chapter 14 Information Technology

    14.0 About the Information Technology Sector

    John Fanguy

    14.1 Cybersecurity and Zero Outage: Where CISOs and Mission Leaders Align

    John Fanguy

    14.2 Managing Global Supply Chains and Their Impact on US Critical Infrastructure: What Do Critical Infrastructure Sectors Need to Do,

    Now and in the Future

    Donald R. Davidson Jr.

    Chapter 15 Nuclear Sector

    15.0 About the Nuclear Reactors, Material, and Waste Sector

    Drew Spaniel

    15.1 “Security by Isolation” Inhibits Nuclear Sector Resilience and Potential

    Drew Spaniel

    Chapter 16 Local and State Government

    16.0 About State and Local Government Cybersecurity

    Rita Reynolds

    16.1 Emerging Threats and Challenges Facing State and Local Governments and Why They Should Be Considered Critical Infrastructure

    Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith

    16.2 Innovations for State and Local Governments

    Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith

    16.3 Recommendations to Improve the Cyber Resilience of State and Local Governments

    Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith

    Chapter 17 Transportation

    17.0 About the Transportation Sector

    Jerry L. Davis

    17.1 From the Ground, through the Air, and Beyond Out There: Over the Horizon Opportunities, Risks, and Challenges in the Transportation System Sector

    Jerry L. Davis

    Chapter 18 Water and Wastewater Management

    18.0 About the Water and Wastewater Systems Sector

    Dr. Bradford Sims

    18.1 Florida Water Treatment Attack and the Implications for Critical Infrastructure and Cybersecurity—An Exegesis

    Dr. Ian McAndrew

    18.2 Adhering to 12-Stage Process for Achieving Cyber Secured Water and Sewage Operations

    Daniel Ehrenreich



    Joyce Hunter

    Afterword: Some Things Change, Some Things Stay the Same

    Suzette Kent



    As the Lead Researcher at the Institute for Critical Infrastructure Technology (ICIT), Drew Spaniel is an expert in information security and technology across the US critical infrastructure sectors. He serves the Institute as a technical expert in cybersecurity, technology, and data science, as well as emerging adversarial trends, threat actor profiling, and legislation and agency initiatives related to information security and privacy. Spaniel earned a Master of Science in Information Security, Policy, and Management from Carnegie Mellon University’s Heinz College and a Bachelor of Science in Applied Physics from Allegheny College.