Cybersecurity for U.S. critical infrastructure a ‘national-security imperative,’ NSC official says


  • Written by Donny Jackson
  • 1st June 2021

Protecting U.S. critical infrastructure from the often-debilitating impacts of cyberattacks is a “national imperative” that will require cooperation between the government and private sector, according to Brian Scott, director of critical-infrastructure cybersecurity for the National Security Council (NSC).

Scott said a variety of sources—nation-states, state-sponsored actors and cybercriminals—are responsible for the cyberattacks, and many of the impacts have been significant, as recent events have reinforced. Indeed, more than 18,000 entities were deemed vulnerable during the SolarWinds attacks first announced in December, and a ransomware attack on Colonial Pipeline resulted in the shutdown of more than 11,000 gas stations in the southeast U.S., he said.

“Public and private entities are increasingly under constant, sophisticated, malicious and often-unseen probing and attacks from nation-state adversaries and criminals,” Scott said last week during the “Cyber Defenders” online event hosted by Nextgov. “Today more than ever, cybersecurity is a national-security imperative.

“Adversaries and malicious cyber actors see U.S. government and U.S. commercial networks as particularly rich targets and are aggressively working to compromise them.”

Beyond the SolarWinds and Colonial Pipeline incidents, Scott cited compromises to Microsoft Exchange Servers and Pulse Secure VPNs as examples of the challenges facing public and private U.S. entities in an increasingly treacherous cyber environment.

Meanwhile, ransomware attacks last year generated average demands of more than $100,00, with the top ransom demands exceeding $10 million, Scott said. And a 2019 study estimated that a data breach costs the company experiencing it an average of $13 million, as well as significant intellectual-property losses, he said.

Scott said it is time to halt this cycle of U.S., beginning with a new mindset regarding cybersecurity.

“As a community, we’ve come to accept that we’ll move from one incident to another and respond to them,” Scott said. “While we must acknowledge that incidents and breaches will happen and that we must prepare for them, we cannot simply afford to let waiting for the next incident to happen be the status quo under which we operate. The national-security implications are simply too great to do that.

“The cost of insecure technology is staggering, and that cost is borne, at the end, by the victims—in loss of property and in incident response and cleanup. Small businesses, schools, hospitals, local government, critical-infrastructure owners and operators, and our citizens bear the brunt of these costs.”

Critical-infrastructure providers have to be especially cognizant of cybersecurity issues, which can be challenging because many systems were designed long before cyberthreats were a consideration, Scott said. When such older operational-technology (OT) systems are connected to information-technology (IT) networks, it can result in unintended vulnerabilities that can be exploited by hackers, he said.

“Advances in IT and OT have led to enormous efficiencies, business integration and connectivity across the business enterprise,” Scott said. “But integration and connectivity, with consideration being given to control-system cybersecurity, makes those control systems vulnerable to an increased risk of malicious cybersecurity.

“OT networks and systems require additional—and sometimes different—protection against cyberthreats. Cyberthreats to our control systems and OT are becoming more sophisticated, our adversaries are becoming bolder, and our infrastructure is becoming increasingly interconnected at a rapid pace.”

Even protecting the OT system may not be enough to ensure that practical operations can continue in the event of a cyberattack, according to Scott.

“As we saw in the Colonial Pipeline incident, even though the OT systems were not affected, the loss of the IT systems effectively shut down operations for over five days,” he said.

The recent executive order announced by President Joe Biden is a crucial step in “changing the calculus” about cybersecurity and prioritizing efforts to prevent attacks, Scott said. Although the executive order only addresses federal systems directly, its impacts should be evident more broadly, according to Scott.

“The executive order provides insights that should inform the private sector,” he said. “Outdated security models, unencrypted data, failure to patch software and change passwords have led to compromises of systems in the public and private sectors.

“The federal government must lead the way and increase its adoption of security best practices, including a zero-trust model, accelerate movement toward secure cloud services, and consistently employ foundational security tools like multi-factor authentication and encryption.”

In addition, the executive order calls for a new regime regarding the manner in which software development is done, Scott said.

“The current model of build-sell-and-maybe-patch means that the software products that the federal government and the public buy often include defects and vulnerabilities. This is unacceptable,” Scott said. “These defects are vulnerabilities that developers are accepting as the norm, with the expectation that they can patch them later—if they deem that the defects and vulnerabilities are sufficiently serious to merit fixing.

“We can’t go on with that process. We are taking aggressive steps to ensure that the software that the government buys is built more securely from the start, by requiring federal vendors to build software in a secure development environment, using strict securing standards and processes. These efforts will pay dividends outside of the federal government, as well, because much of the software that the government buys is the same software that the private sector buys.”

Successfully thwarting cyberattacks will require the federal government to “lead the way,” but it must forge a greater level of cooperation with the private sector, according to Scott.

“Partnerships are critical to the safety of our nation in cyberspace,” he said. “The government needs the private sector and the visibility and expertise it provides, and the private sector needs the government.”

Partnering with international allies also is important, Scott said.

“As an example, we built a coalition of dozens of countries to support our attribution of the SolarWinds intrusion to the Russian foreign intelligence service and bolstered our actions to hold Russia accountable for its malign actions in cyberspace,” Scott said.

“One of our first global initiatives will be a cooperative effort to counter ransomware. International cooperation to address ransomware is critically important, because trans-national criminals are most often the perpetrators of these crimes—and they often leverage global infrastructure and money laundering to do it.”
