Editor’s Note: This story originally appeared on FCW.com
A former Pentagon official said the incoming administration must retain a focus on improving cybersecurity for critical infrastructure.
President-elect Donald Trump must hit the ground running with policy that supports gains in cooperation between the public sector and private critical infrastructure providers if his administration is to stay ahead of growing cybersecurity threats, according to a former federal official.
“He needs to ensure he’s prepared to respond to a cyberattack on infrastructure,” said Paul Stockton, former assistant secretary of defense for homeland defense and Americas’ security affairs and now managing director of Sonecon, a security and risk management services provider. “He can’t wait until deep into his administration. He had to do it from his first day.”
When Stockton was assistant secretary from 2009 to 2013, he advised Defense Department leaders on policy, strategy and implementation issues, including countering weapons of mass destruction, cyber operations, homeland defense activities, antiterrorism, continuity of government operations and mission assurance, as well as defense support for civil authorities.
In an Oct. 3 speech, Trump said he would make cybersecurity “an immediate and top priority” for his administration. He vowed to tackle the issue with a “cyber review team” made up of military, civilian and private-sector experts who would examine the vulnerability of government systems.
The team “will proceed with the most sensitive systems first, but ultimately all systems will be analyzed and made as secure as modern technology permits,” Trump said. Although his remarks covered cybercrimes against private industry and federal systems, they did not specifically mention critical infrastructure threats.
In an interview with FCW on Nov. 10, Stockton said the threat to critical infrastructure is perhaps the most pressing cybersecurity issue for the president-elect. The federal government’s relationships with private critical infrastructure providers is improving thanks to enhanced information sharing that reaches beyond traditional critical infrastructure providers into more specific areas, he added.
Stockton said Trump’s transition team must pay close attention to existing public/private partnerships and the protection structures they’ve established and understand how they work. Trump’s transition leaders “should be prioritizing their effort,” Stockton said. “It’s important they be prepared on the first day. It’s imperative.”
In their first days in office, new presidents can be tested by foreign actors, natural disasters and other crises. In today’s environment, Stockton said, the threats can as readily arise in the cyber realm as in physical form, and an attack on critical infrastructure could be particularly tempting because it could produce both cyber and physical results.
In the first 100 days of Trump’s administration, the former business mogul’s relationship with Russia is another touchstone for cybersecurity officials and the general public.
“Watch how Trump handles allegations of Russian intervention” in the U.S. election, Stockton said. During his campaign, Trump publicly encouraged Russia to hack rival Hillary Clinton’s email. Although he later said he was joking, the episode sparked questions about his relationship with Russian officials.
How Trump handles questions about that relationship could indicate how he might handle future state-sponsored cyber intrusions. “They need to send a message internationally on how they will handle hacks,” Stockton said.
He added that “Trump should continue to strengthen partnerships with critical infrastructure. He will inherit an effective critical infrastructure architecture. How he uses it is up to him.” via