What's Critical? Evolving the Security Playbook for Managing Ones, Zeroes, and Everything in Between
Over the past decade, a steady and significant shift has occurred in the governance, resources, frameworks, and approaches to managing cyber, physical and other risks to America’s critical infrastructure. How have our tools and techniques evolved? Are we better equipped to tackle the threats of tomorrow?
Selected Quotes
Melissa Griffith
“We also know in looking at the pandemic that there were many failures of the supply chain and many concerns whether it was kind of what you needed to make a respirator or even just vials for saline in hospitals and there are many kind of shortages and also some real limitations and security concerns there.”
Christopher C. Krebs
“Over the last several years, we’ve identified five key shifts in the way the critical infrastructure community is managing risks. The first aspect is that it’s becoming quite clear that risk is shared across all sectors. The second is supply chain risk management is critically important. The third piece is vulnerability management is also evolving and becoming more effective. The fourth is what used to be a security practice is now evolved into a more resilient approach to critical infrastructure risk management…and lastly, we’re seeing organizations take a much more enterprised level understanding of cybersecurity risk management.”
“There’s absolutely a night and day difference between the security awareness and posture of state and local election networks, and the resilience measures that have been built in. We have intrusion detection systems deployed across all 50 states, and state election directors, secretary state networks. In some states, we’ve got them in all counties.”
Kathryn Condello
“Post 9/11, it was like we have to put the guns, guards, and gates around the building or around …but it's actually, in my mind, an academic reach. It's an intellectual reach that we're now starting to focus again on sort of the functions and the services because decoupling, if you will, whether it's not being able to decouple this is able to make us think differently about what is it we rely on. And whether or not we rely on it not, I think also helps us make the plans make the arrangements so that you know what you do need to focus on.”
“We're moving into an environment where the 5G will in essence change sort of the overarching architecture of all of the aspects. I mean, 5G is supposed to be access agnostic, whether it's the wireless thing that everybody's all excited about—it's pretty exciting—or it's going to be the WiFi or the cable guys or the wireline guys or the satellite guys or the broadcasters. Everybody, all the segments that we've been operating with in, you know, sort of the traditional telecom space, has also been part of the 5G environment.”
“I think it's fair to say that we do have a fairly long-standing relationship, certainly, with government dealing with security risk resilience kind of issues. I think it was understood decades ago that you can't weather a storm if you can't communicate, you can't weather a storm if you don't have power, and so I think power and comms in particular have a deep, deep relationship.”
Thad Allen
“If you look at what’s happening in the world today, we’re dealing with increasing levels of complexity… Increasing scale of complexity, where the complexity itself becomes a risk aggravator. I think it’s important to understand as it’s becoming more well-known to everybody. When I talk about complexity, I’m talking about complexity that starts to break down legal frameworks, standing operating procedures, training tactic procedures, any structure that’s been created to model how we’re going to respond to these things. We’re finding that they don’t scale very well sometimes.”
“But in my view, starting with the NIST standards for cyber security, these things almost evolve to a standard of care and defensive liability and tort law, so what you're doing is you're having this negotiation that results in a framework or a standard that becomes a rebuttal presumption on a standard of care, and I think that's a good evolution; the right way to do it right now.”
Bob Kolasky
“The partnerships, and the structure and the trust that's been built in terms of our ability for industry and government and cross-government to work together on challenging risk issues is in the consistency of the framework and the authorities, and how we know how to work together and the structures we've been put in place, and then using them consistently over a period of time in a voluntary fashion has just built a lot of trust into the system.”
“What we’re trying to do, it says in the National Risk Management Center, is identify the delta where risk isn't being managed up to the level of national security interest and try to close that gap in partnership with industry and partnership across the sectors. But not [by] saying, you know – let me put a bunch of different rules on that demands on you that don't make sense from a market and innovation perspective.”
Hosted By
Science and Technology Innovation Program
The Science and Technology Innovation Program (STIP) serves as the bridge between technologists, policymakers, industry, and global stakeholders.
Digital Futures Project
Less and less of life, war and business takes place offline. More and more, policy is transacted in a space poorly understood by traditional legal and political authorities. The Digital Futures Project is a map to constraints and opportunities generated by the innovations around the corner - a resource for policymakers navigating a world they didn’t build.