GARMISCH-PARTENKIRCHEN, Germany -- The light goes out. Residents look to the utility company to fix it, but it's a cyber-attack, and the privately-owned company is not equipped to handle it. The public then looks to the government, which does have the resources for such an attack, but does not provide the electricity.
Marty Edwards, assistant deputy director of National Cybersecurity and Communications Integration Center, and director of Industrial Control Systems, Cyber Emergency Response Team at U.S. Department of Homeland Security, talks about how critical infrastructure is not uniquely or entirely owned by the government so a partnership between the government and the private sector should exist to 81 cyber-security professionals from 22 countries at the International Cyber Summit Sept. 22, 2015 at the George C. Marshall European Center for Security Studies at the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany. (Marshall Center photo by Karl-Heinz Wedhorn)
“That's the ‘Triangle of Pain,' where nobody quite knows who is responsible for protecting critical infrastructure from cyber-attacks,” said Simon Ruffle, director of Technology Research and Innovation at the Centre for Risk Studies at Cambridge University. “You've got the public looking to and expecting the government to keep the critical infrastructure working. To fulfill that, the government has to talk to the private sector.”
Government partnership with private industry was one of the main topics covered at the “Protecting Critical Infrastructure and Key Resources in, from and through Cyberspace” summit held Sept. 22 and 23, 2015 at the George C. Marshall European Center for Security Studies.
“We have to work together,” said Charles Kosak, deputy Assistant Secretary of Defense for Defense Continuity and Mission Assurance in Washington, D.C. “The cyber threats that exist today are so complicated and bigger than any one individual, directorate, department, agency or even governments. These challenges require governments to work together, to include outreach and partnership with the private sector and industry.”
More than 80 cyber experts working in government agencies and privately-owned companies from 22 countries attended the conference, sponsored by the U.S. European Command and Marshall Center.
“The Marshall Center is a great institution and was key in bringing policymakers and cyber experts together to talk about how we can address cyber-attacks in the future,” said U.S. Army Brig. Gen. Welton Chase Jr., director of Cyber at EUCOM.
In December 2014, the Marshall Center developed a comprehensive program to explore the increasing domestic, international and transnational challenges in cyber security – Program on Cyber Security Studies.
“Our new cyber security course aims very high,” said Dr. Robert Brannon, dean of the College of International and Security Studies at the Marshall Center. “Our objectives are to influence good governance by way of legislation, policy, and strategy. Lots of other institutions are addressing cyber security threats at the technical level – but as far as I know, we are the only ones looking specifically at policy.”
Guest speakers included ministries of interior, ministry of internal security and U.S. Department of Homeland Security officials, as well as private industry professionals.
“For me and our working group, it's been very helpful to hear (other government agencies and private industry) perspectives that we in the DOD don't often hear,” said Dr. John Clarke, professor of leadership, management and defense planning at the Marshall Center, and who led one of the focus group during the conference. “The question I think we all have to answer is what is the proper role of the Ministry of Defense – DOD – in ensuring that not only its cyber security, but also cyber security that is in private hands. It's incumbent upon the military to find a way to work effectively with private industry to ensure the reliability of those systems.”
Presentations and panel discussions covered in the two days included: identification of best practices in the absence of standards; working together to bring best practices forward to industry to be adopted as standards or best practices; risk management and security controls in a mission assurance environment; the industry standards used to perform self-assessments of cyber health and threats; and, the challenges of conducting normal daily activities while under the constant threat of adversaries.
By Christine June
George C. Marshall Center for Security Studies
Provided through DVIDS
Comment on this article