Not to be super scary, but the reality is that we live in a scary cyber world. A new report published by the Intelligence and National Security Alliance outlines the findings of a cyber exercise based on a hypothetical cyber-attack on Baltimore’s power companies. The exercise was orchestrated and played out by federal and state agency employees, operators of critical infrastructure facilities, nonprofit organizations, and cybersecurity and infrastructure-protection experts.
It is encouraging that such exercises are taking place to address vulnerabilities and develop preparedness. The exercise showed how unprepared cities are to such an attack, and the report provides recommendations of how to prepare for them.
According to the report, cities are heavily reliant on computer networks and information systems in the areas of energy, transportation and communication, all of which are vulnerable to a cyber-attack “with wide-ranging ramifications for public safety, commerce, and national security.”
The observations and recommendations following the exercise include:
- State governors should appoint a unified incident commander to coordinate the response to the attack.
- Create a single hub where meetings are held and information is disseminated.
- State and federal agencies must work together and roles must be clearly defined so each person and agency knows what their role is in the response and there are no conflicts.
- Safe-harbor provisions need to be clarified so organizations are indemnified for actions taken in emergency situations.
- Regular exercises should be conducted to “explore the real-world applicability of policy guidance contained in relevant executive orders and presidential policy directives and test the mechanisms for coordinating incident response and recovery among all relevant stakeholders.”
- There is a need for better information sharing between public and private sectors and among the different branches of government.
- All infrastructure needs to be continually monitored to detect weaknesses.
The Intelligence and National Security Alliance will release a white paper regarding cyberthreats and weaknesses and recommendations in the future.
In the meantime, it has provided a clear path for state and federal agencies and leaders to plan and implement the recommendations.