In a new 50 page report, a team of MIT cybersecurity researchers asserts that the most vital economic systems in the U.S. are essentially defenseless, imploring the Trump administration to do something about it instead of just waiting for everything to come crashing down.
Our nation’s core industries, much like anything connected to the internet, are just so many digital locks waiting to be popped. In the U.S., such systems have a special designation known as “critical infrastructure.” That’s mostly the kind of stuff that, if disabled or compromised, could lead to some serious widespread offline chaos. A large chunk of our nation’s critical infrastructure is privately owned, including electricity, finance, communications, and oil and natural gas. The paper’s primary author, former NSA Inspector General Joel Brenner, doesn’t want those industries to slip through the cracks as the nation moves forward with cybersecurity policy.
In an appeal straight to the top, Brenner writes:
“The nation can no longer afford a pattern of uncoordinated executive action and scattershot research. Total security is not achievable. But a materially improved security environment for the infrastructure on which virtually all economic and social activity depend can be created with sufficient resources and political will. Achieving this goal will require a more determined and more directive approach from the highest levels of government and industry. It will also require more energetic and coordinated steps from the President than any of his predecessors has been willing to take.”
The paper, titled “Keeping America Safe: Toward more secure networks for critical sectors,” collects a year of research, largely culled from purpose-built workshops. Tackling each aspect of vulnerable critical infrastructure sector by sector, it poses questions like “How will detection techniques be affected by the anticipated move to IPv6?” The answers to those questions are meant to spur action rather than further analysis, and each section comes with a concise paragraph of recommendations. For the not-exactly-surprising finding that critical infrastructure defense is poorly coordinated among agencies, for example, the report recommends that the president promote his cybersecurity advisor to a deputy national security role capable of coordinating with the Office of Management and Budget. Easy, see?
Many of the specific policy advice urges the president to take the threat to privately owned infrastructure seriously, to craft a comprehensive long term plan, and to enhance communication and collaboration among adjacent departments. While Trump doesn’t exactly take kindly to experts, or anyone beyond his innermost circle really, Brenner and team do attempt to speak the president’s strange language, presenting the threats as a unique opportunity for him to look strong where his predecessors were weak.
While Trump is unlikely to read 50 pages worth of policy in this lifetime, the report (embedded below) is a clear-eyed call to action that frames the issue as an urgent matter of national defense, which is certainly no exaggeration.
MIT Report IPRI CIS Critical Infrastructure by TechCrunch on Scribd