

DHS’ Critical Infrastructure Designation Is Progress, but Don’t Expect Any White Knights Anytime Soon

January 23, 2017 / Eric O'Neill

Recently, the Department of Homeland Security (DHS) declared the electoral system “critical infrastructure.” The declaration was, seemingly, a response to the alleged hacks from Russia that may have influenced the 2016 election.

The cyber attack on the Democratic National Committee (DNC) and leaks of John Podesta’s emails raised hysteria over a critical issue. Unfortunately, there was little useful action or response. The story here was multifold. Overwhelmingly, the discussion focused on attributing hacks to Russia. Cyber professionals and security consultants shook their fingers for the umpteenth time at poor email hygiene and rehashed the same warning against spear phishing attacks. Media, pundits and politicians all rolled out the blame game in a glorious display. It was all posturing.

When the U.S. intelligence community overwhelmingly placed the blame for the DNC and Podesta attacks on Russia, the White House responded with a politically charged decision to PNG – persona non grata – various Russian diplomatic personnel identified as active spies working under diplomatic cover in the United States.

The PNG designation prevents those personnel from ever returning to the United States, exposes them as intelligence officers, ends their undercover careers, and slams the brakes on any operations the spies may have had in the works on U.S. soil.

However, sending 35 Russian spies home is purely political chest thumping. While the politicians cheer, those of us in the intelligence community groan. The FBI and CIA will now have to work overtime to discover which new Russian diplomats are spies. This will require significant time working sources, tedious and expensive surveillance, and careful execution of counterintelligence.

While this extra work occurs, the spies that actually carried out the DNC and Podesta attacks will continue to operate from secure and anonymous locations overseas.

At the eleventh hour, DHS labeled our election equipment as “critical infrastructure,” an action that may move us toward a positive result. This places the election system at the same level of importance as the electricity that powers our homes, the water we drink, and the roads and airplanes that deliver us to our business meetings, vacations and social gatherings.

On the one hand, this designation will make protecting polling places, election machines, voter databases and other voter information technology a priority for DHS. Presumably, the federal government will provide states with funding and training to install these enhancements. More importantly, adding the election process to 16 critical infrastructures listed as “government facilities” would potentially allow the United States to consider a cyber breach of our election process an act of war.

Over the past few years, we have seen attacks on our businesses, financial sectors, energy sector and the Office of Personnel Management, to name a few. The timid federal response has emboldened attackers instead of deterring them. While some cyber experts suggest that we are in a “Cyber Cold War,” I propose that we are already at war – except we are playing defense without a battle plan and arguing over whether the attacks can even be considered attacks.

DHS has taken a necessary step forward by labeling our election process as part of the critical infrastructure. Perhaps this will bring us closer to determining when a cyber attack merits consideration for an act of war. As it stands, we are still far away from that bright line.

The federal government has no national plan to address a catastrophic cyber attack, or even when to consider a cyber attack in the same way we might consider a kinetic (or physical) attack. In light of this fact, businesses and private citizens cannot rely on the government to solve our cybersecurity problems. Preventing these attacks, detecting them more accurately and responding to them quickly continue to be the keys to healthy cybersecurity. The DHS won’t be sending any white knights to save us anytime soon.

