July 6, 2016

Securing Critical Infrastructure

Gus Hinojosa

The need to secure cyberspace has been a top priority in the public and private sectors. Today, computer networks connect and control everything from the electrical grid to transportation systems to the financial sector. The interconnectivity of systems is growing at a rapid pace, and protecting it from cybercriminals is essential. A cyber-attack on critical infrastructure could have a crippling effect on the nation’s defensive capabilities and economic security.

On February 12, 2013, the White House released the Presidential Policy Directive (PPD-21) on Critical Infrastructure Security and Resilience. It advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure. PPD-21 called for an update to the National Infrastructure Protection Plan (NIPP), whose mission areas include prevention, protection, mitigation, response, and recovery. It is crucial to mitigate the potential consequences and reduce the vulnerabilities of critical assets, systems, and networks.

President Obama also signed Executive Order 13636, Improving Critical Infrastructure Cybersecurity. It is designed to focus on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices. It directs the Federal Government to coordinate with critical infrastructure owners and operators in order to improve information sharing capabilities within public-to-private partnerships. This collaborative effort enables participants to develop and implement risk-based approaches to cybersecurity while strengthening the security and resilience of cyberspace.

The Department of Homeland Security (DHS) leads this collaborative effort with its Critical Infrastructure Cyber Community (C³) Voluntary Program. Its goal is to assist the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. The Framework consists of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks. Critical infrastructure must be able to identify, protect, detect, respond, and rapidly recover from cyber-related activities. It is heavily reliant on cyber-dependent systems, and implementing a strong strategic security plan aids in mitigating these challenges. A comprehensive risk management approach enables owners and operators to make risk-based decisions, while informing and prioritizing these decisions and quantifying and communicating changes, thus optimizing cybersecurity expenditures.

The Cyber Security Enhancement Act of 2014 provides an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness. Also, the National Initiative for Cybersecurity Education (NICE) promotes a robust network and an ecosystem of cybersecurity education, training, and workforce development. NICE coordinates with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals helping to keep our Nation secure. Here at the National Cybersecurity Student Association (NCSA), we support the cybersecurity educational programs of academic institutions, inspire career awareness, and encourage creative efforts to increase the number of underrepresented populations in the field. Join us today!

Presidential Policy Directive — Critical Infrastructure Security and Resilience
https://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil