In this five-part series CISO Brian Lozada examines the state of cybersecurity in our nation’s critical infrastructure, what is at risk, what makes it unique and what measures can be taken to bolster its safeguards.

Review of the first four installments

In the first article in this series, I addressed the growing possibility of cyberwarfare. Many cyber experts are debating the notion of whether a cyber war against our nation is a possibility in the near future and, thus, are preparing for it in the event it should occur. Read Part One

In the second article in this series, I more closely examined evolving threats, the challenges of cyberwarfare and the key adversaries the United States faces on the digital battlefield. As these threats grow, so does the need for a solution to protect our nation’s critical infrastructure. Read Part Two

In the third article in this series, I reviewed past initiatives to secure the nation’s critical infrastructure, including the Obama Administration’s 2013 executive order. The order set out to improve the cybersecurity of the nation’s critical infrastructure through voluntary, collaborative efforts involving federal agencies and owners and operators of privately owned critical infrastructures. Read Part Three

In the fourth article in this series, I broke down the framework and assessed its pros and cons. Although not a “quick fix” because it must be tailored to meet the needs of each organization, the framework is unique in that it is a bottom-up approach. It ensures that all organizations within both the public and private sectors are internally prepared for a cyber-attack and that the cybersecurity risk management approaches in place are well aligned with the organization’s business model. Read Part Four


While we are yet to truly see cyberwarfare develop on a larger scale, almost every conflict currently taking place around the world is being fought simultaneously in cyber space in some capacity.

This is just the tip of the iceberg for cyberterrorism. The world has yet to see the cyber equivalent of a 9/11 attack. President Obama’s prioritization of cyber security within our national defense through the Framework for Improving Critical Infrastructure Cybersecurity is just the first of many important steps needed to heighten awareness of the imminent cyber threats against the United States.

The private sector, which owns and/or controls most of our nation’s critical infrastructure, needs to invest in awareness programs that target critical operations based on risks that have been identified through a risk assessment process. These risk assessments should be conducted with guidance from the homeland security community, as well as with targeted information that has been shared by the intelligence community.

However, additional steps are still needed in order to ensure the most effective tactics are being employed to defend the nation in the event of cyberwarfare. The time to act is now, considering that technology is constantly evolving and advancing.

Collective working partnerships between the homeland security enterprise and the high-tech private industries need to become a priority to foster working together collaboratively to counter the threats of the ever-changing terrorist landscape in the cyber arena. The private sector is needed to help identify, remediate and mitigate the cyber threats that are currently facing our nation. Without these partnerships, cyberterrorists will continue to have the advantage.

If cyberterrorists take advantage of the lack of communication between the private sector and the homeland security community and tailor an attack that will cripple our nation’s response efforts, the impact would be significant; this could be managed with proper information and resource sharing and partnerships between the private sector and the homeland security community.

Leave a Reply