niac issues the report "protecting infrastructure against cyber attacks"

Posted by tzul at 2020-04-02


A report (Draft) adopted by the president's National Infrastructure Advisory Council (niac) in August 2017 pointed out that the United States must seize the fleeting small opportunity to effectively coordinate resources, protect infrastructure and respond to cyber attacks.

Through a review of hundreds of network studies and interviews with 38 industry experts, we have come to the conclusion of what needs to be done to ensure the important infrastructure in the United States to prevent aggressive and targeted network attacks. The Internet is the only arena, and private enterprises are the first line of defense attacks on American infrastructure. When a cyber attack has the same harm or consequences as a real attack, it requires national leadership, collective resources, capabilities, and collaboration among institutions.


We call on the government to take bold and decisive action:

(I) establish an independent and safe communication network specially for the most critical networks, including the "dark fiber" network, the system flow for key control and the reserved spectrum for backup communication in case of emergency.

Departments requiring action: Department of energy (DOE), Department of Homeland Security (DHS), director of national intelligence (ODNI), National Security Council (NSC), strategic infrastructure Coordination Committee (SICC) (power, financial services and communications)

(II) led by the power and financial services sector, promote the pilot of private sector led machine to machine information sharing technology to test the information sharing of public-private enterprises and companies on the Internet against the corporate network threat.

Departments requiring action: DOE, DHS, ODNI, NSC and SICC

(III) identify first-class scanning tools and assessment practices, and work with the owners and operators of the most critical networks to scan and disinfect their systems on a voluntary basis.

Departments requiring action: National Security Council, Department of Homeland Security and Congress

(4) to improve the ability of network security practitioners by sponsoring public-private expert exchange programs.

Sectors requiring action: National Security Council, Department of Homeland Security and Congress

(5) Establish a set of time limited, results based market incentives to encourage owners and operators to upgrade network infrastructure, invest in state-of-the-art technology, and comply with industry standards or best practices.

Departments requiring action: DOE, DHS, ODNI, NSC and SICC

(VI) simplify and accelerate the security clearance process of the most important network asset owners in the country, and accelerate and ensure the feasibility and accessibility of the isolated information facilities (SCIF), so as to ensure that the owners and operators can access the security facilities within one hour after the occurrence of the major threat or event.

Departments requiring action: DHS, ODNI, NSC, FBI, office of personnel management, and all agencies that initiate / sponsor the investigation

(VII) establish a clear agreement to quickly decrypt network threat information, and actively share with key infrastructure owners and operators. Their actions are the front line of national defense against major network attacks.

Departments requiring action: NSC, DHS, ODNI, FBI and intelligence community

(VIII) pilot the expert group in the government, power, finance and communication industries - the expert group is led by managers who can determine priorities and resource allocation, improve the speed and agility required to deal with network threats, and take decision-making actions based on the highest network demand in the country. (illustration on page 16)

Departments requiring action: Department of defense, Department of defense, Department of Finance and Department of Justice (DOJ)

(IX) use state-level gridexiv exercise (November 2017) to test the implementation and capacity of federal authorities during network events, and make suggestions for specific agencies to coordinate and clarify unclear response actions of the federal government.

Departments requiring action: DOE, DHS, ODNI, NSC and SICC

(10) establish an optimal network security governance method, guide and coordinate national network defense, and integrate resources and expertise across federal agencies.

Departments requiring action: DHS, ODNI, NSC, DOJ and DOD

(XI) the national security advisor shall review the recommendations in this report, and convene senior government officials to meet within six months to solve the implementation obstacles and determine the next steps to promote the work.

Sectors requiring action: National Security Adviser

Now is the time to act. As a country, we need to study our cyber security challenges and start to take meaningful actions to improve our cyber security to prevent cyber attacks.

Our country needs direction and leadership to significantly reduce cyber risk. Niac stands ready to continue to support the president in this area.

Two figures in the report are attached: