By Gary Warner
This week, President Obama unveiled a set of guidelines issued by the National Institutes of Standards and Technology and a new public-private partnership program. While I join with others in applauding Mr. Obama’s creativity in making progress in protecting our nation’s cyber infrastructure, it is important to note what is and what is not being addressed by these guidelines. Where, for example, does the Target Breach fall?
By Gary Warner
Last Thursday, a chemical storage tank leaked about 7,500 gallons of 4-methylcyclohexane methanol into the Elk River, just one mile upstream from the West Virginia American Water plant. Thankfully, the water plant owner was forward thinking enough to invest in preparedness before an immediate need arose. This undoubtedly helped the plant respond to the chemical leak. Something tells me there’s a lesson there.
Last week, the Center for Effective Government (CEG) posted online a comprehensive list of how much chlorine water utilities have onsite and provided the specific coordinates of where they are stored. This information, while already available in the public domain, has never before been put on a single website because it could more easily give bad actors information to use for nefarious purposes. Here are a few questions for the CEG.
On Monday night, the Washington Sanitation and Suburban Commission (WSSC) announced that in order to do emergency repair work on a major main, it would be shutting down water service to roughly 150,000 people for a period of several days. Unfortunately, instead of celebrating this as a victory and recognizing how well WSSC handled this situation from top to bottom, there are those who are choosing to find ways to blame the utility for causing public alarm.
In an era of diminished budgets and vanishing security grants, a recent break in at the Carters Lake Water Treatment Plant in Georgia highlights how the federal government is leaving small water systems, and the communities they serve, hanging in the wind. I’m not suggesting DHS throw obscene amounts of money at rural water systems, but I would argue that these systems can make major strides with small amounts of money.
In 1999 a technology manager called Kevin Ashton coined the phrase “The Internet of Things”. Today, these “things” now include elements of our critical national infrastructure via what are called SCADA (Supervisory Control And Data Acquisition) systems or ICS (Industrial Control Systems). Unfortunately, these systems can be just as vulnerable to attack as our laptops.
Senior US intelligence officials, including Director of National Intelligence James Clapper and National Security Agency (NSA) Director, Army Gen. Keith Alexander, last month continued the cyberwar drumbeat with warnings to Congress that the US is woefully unprepared for a major cyberattack against critical infrastructures.
The American Society of Civil Engineers (ASCE) has released its latest report card on U.S. infrastructure, and the country again received poor marks across the board. Here is a piece I wrote for Defense Media Network about the continuing problems plaguing America’s infrastructure.
The images from Hurricane Sandy are jaw dropping. From flooded subway stations, waterfalls into the Ground Zero area, destroyed piers, boardwalks and homes, Hurricane Sandy – “The Frankenstorm” – was a big one that Mid-Atlantic States, New Jersey and NYC have long feared. Right now, we don’t know the full costs in lost lives or destroyed infrastructure and homes, but we do know this – it’s going to take some time to get things back to any sense of normal in the affected regions.
On the day before the Labor Day weekend, the White House released the President’s latest “National Preparedness Month” Proclamation. Like last year’s, the proclamation employs the term “resilience.” Yet, the White House remains unwilling to act to establish resilience as the nation’s preparedness objective and daily operating condition. Rhetoric is not results.