WHO? The Department of Homeland Security.
WHAT? Is responsible for national cybersecurity.
WHEN? DHS maintains 24-hour watch for cyber-attack from the NCCIC in Washington DC.
WHERE? When an attack occurs, DHS can respond with the US-CERT and ICS-CERT.
WHY? Unfortunately, DHS assets are few, meaning that system owners and operators are the first and last line of defense against cyber-attacks that could have potentially catastrophic consequences.
As we learned in 2.4, 9/11 demonstrated the ability to create WMD effects without WMD. They did it by subverting critical infrastructure. In the last section we learned that all critical infrastructure, particularly lifeline infrastructure, is vulnerable to cyber-attack. Experts believe a coordinated cyber-attack on critical infrastructure could precipitate the worst disaster in US history. The top three concerns are 1) shutting down the North American grid, 2) instigating two simultaneous nuclear meltdowns, and 3) undermining the Federal Reserve. Any one of these scenarios would dwarf the worst disaster in US history outside the Civil War, the 1900 Galveston Hurricane, where upwards of 12,000 people died.

What is cybersecurity? Who is responsible for it? And why does it present such a challenge? These are the questions that we will examine in this section.

Like homeland security, the cybersecurity concern arose out of the 1995 Tokyo Subway Attacks. A 1997 Presidential report commissioned to examine the vulnerability of US critical infrastructure in the wake of the 1995 Tokyo Subway Attacks noted that US infrastructure was safe, for the moment... The 1997 Report also noted that US infrastructure was becoming increasingly reliant on computer controls that might one day become targets of attack, making infrastructure indeed more vulnerable. As a result of this report, in May 1998 President Clinton issued Presidential Decision Directive #63, establishing the foundation for critical infrastructure protection from all threats, including cyber-attack. Concern over cyber-attack was quite prescient considering that the Internet was still in its infancy. Concern remained sufficiently strong following 9/11 to make cybersecurity a core mission of DHS. Cybersecurity was made a DHS mission by the 2002 Homeland Security Act, and remains so to this day. Understandably, because of 9/11, DHS was focused on a repeat physical attack, and cybersecurity did not receive equal attention.
All this changed in 2010 with the release of the first Quadrennial Homeland Security Review. The 2010 QHSR elevated cybersecurity to top priority. The elevated priority is believed to stem from the 2008 Russian invasion of Georgia. The invasion was preceded by a cyber-attack that succeeded in degrading the country's command-and-control. At the heart of the concern was a coordinated attack on US critical infrastructure. In 2007, DHS demonstrated the ability to destroy an electrical generator from the Internet. In December 2016, a cyber-attack succeeded in knocking out power to the city of Kiev in Ukraine. In March 2018, DHS issued an alert warning of Russian infiltration into the US Electric Grid.

DHS, unfortunately, is not equipped to meet these escalating threats. First off, DHS has no authority to touch anybody's computer, and it does not control the Internet. It does, however, maintain a 24-hour watch over the Internet from the National Cybersecurity and Communications Integration Center in Washington DC. If the NCCIC detects a problem, it may dispatch teams from either the US-CERT or the ICS-CERT. The US Computer Emergency Readiness Team at Carnegie Mellon University has few deployable assets, and is mainly positioned to collect and distribute malware reports. The Industrial Control Systems CERT at Idaho National Laboratory does have deployable assets, but can only respond with permission from system owners and operators. In short, there is no cavalry waiting over the hill to swoop down and rescue us from cyber-attack. As it stands, system owners and operators are the first and last line of defense against cyber-attack.