Cybersecurity, Critical Infrastructure Organizations, and the U.S. Government

    To address these issues, President Obama and various senators and congressmen have proposed several cybersecurity programs such as the NIST Cybersecurity Framework and an increase in threat intelligence sharing between critical infrastructure organizations and federal intelligence and law enforcement agencies. Of course, federal cybersecurity discussions are nothing new. Recognizing a national security vulnerability, President Clinton first addressed critical infrastructure protection (CIP) with Presidential Decision Directive 63 (PDD-63) in 1998. Soon thereafter, Deputy Defense Secretary John Hamre cautioned the U.S. Congress about CIP by warning of a potential “cyber Pearl Harbor.” Hamre stated that a devastating cyber-attack “… is not going to be against Navy ships sitting in a Navy shipyard. It is going to be against commercial infrastructure.”


    Security professionals working at critical infrastructure industries have been directly or indirectly engaged with U.S. Federal Government cybersecurity programs and initiatives through several presidential administrations. Given this lengthy timeframe, ESG wondered whether these security professionals truly understood the U.S. government’s cybersecurity strategy.


    According to Figure 4, the results are mixed at best. One could easily conclude that the data resembles a normal curve in which the majority of respondents believe that the U.S. government’s cybersecurity strategy is somewhat clear while the rest of the survey population is distributed between those that believe that the U.S. government’s cybersecurity strategy is very clear and those that say it is unclear. ESG views the results somewhat differently, however. In spite of over 20 years of U.S. Federal cybersecurity discussions, many security professionals remain uncertain about what the government plans to do in this space. Clearly, the U.S. Federal Government needs to clarify its mission, its objectives, and its timeline with cybersecurity professionals to gain their trust and enlist their support for public/private programs.


    Figure 4. Opinion about U.S. Federal Government’s Cybersecurity Strategy

    While critical infrastructure security professionals may be tentative about the Federal Government’s strategy, they would also like to see Washington become more engaged. Nearly half (45%) of critical infrastructure organizations believe that the U.S. Federal Government should be significantly more active with cybersecurity strategies and defenses while 38% believe that the U.S. Federal Government should be somewhat more active with cybersecurity strategies and defenses (see Figure 5).


    Figure 5. Critical Infrastructure Organizations Want More Cybersecurity Involvement from the U.S. Federal Government

    Finally, ESG asked the entire survey population of security professionals what types of cybersecurity actions the U.S. government should take. Nearly half (47%) believe that Washington should create better ways to share security information with the private sector. This aligns well with President Obama’s executive order urging companies to share cybersecurity threat information with the Federal Government and one another. Cybersecurity professionals have numerous other suggestions as well. Some of these could be considered government cybersecurity enticements. For example, 37% suggest more funding for cybersecurity education programs while 36% would like more incentives like tax breaks or matching funds for organizations that invest in cybersecurity. Alternatively, many cybersecurity professionals recommend more punitive or legislative measures—44% believe that the Federal Government should create a “black list” of vendors with poor product security (i.e., the cybersecurity equivalent of a scarlet letter), 40% say that the Federal Government should limit its IT purchasing to vendors that display a superior level of security, and 40% endorse more stringent regulations like PCI DSS or the institution of laws with higher fines for data breaches (see Figure 6).


    Figure 6. Critical Infrastructure Organizations’ Suggestions for U.S. Government Cybersecurity Actions