I was delighted to read in last week’s Homeland Security Newswire report on Secretary Napolitano’s consideration of “re-merging” the Infrastructure Protection and Cyber Security units.
When we stood up the Department in 2003, I was tasked with the responsibility for infrastructure protection, and at that time, Secretary Ridge charged the Office of Infrastructure Protection with the responsibility for both physical and cyber infrastructure protection. It made sense then as it does now. Trying to cut the Gordian Knot – artificially segregating physical infrastructure from cyber infrastructure when the threats to each are so intertwined – is naïve, ineffective, costly and dangerous.
There is plenty of evidence that terrorists and organized criminals have significant technological capabilities to conduct attacks that simultaneously exploit the vulnerabilities of both domains. Securing a physical structure while leaving it vulnerable to a cyber attack can have the same catastrophic result as could a car bomb.
Information sharing between the domains is still far from where it needs to be – correlating terrorist planning events (surveillance, hacking, etc.) in the cyber world to terrorist planning events in the physical world will serve to better identify and prevent future terrorist attacks. Our homeland security strategy needs to ensure that the government and private sector are assessing and protecting infrastructure holistically and on a rational risk-based approach.
The private sector has finally recognized that the investment in physical security can be negated with a cyber attack and has begun to organize its resources to map into that reality. It is good to see that DHS recognizes that sound ideas transcend politics and is taking steps to merge these two key areas in order to improve our nation’s security.