Securing the Nation’s Critical Infrastructures: A Guide for the 2021-2025 Administration

Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help the United States Executive administration, legislators, and critical infrastructure decision-makers prioritize cybersecurity, combat emerging threats, craft meaningful policy, embrace modernization, and critically evaluate nascent technologies. The book is divided into 18 chapters that are focused on the critical infrastructure sectors identified in the 2013 National Infrastructure Protection Plan (NIPP), election security, and the security of local and state government. Each chapter features viewpoints from an assortment of former government leaders, C-level executives, academics, and other cybersecurity thought leaders. Major cybersecurity incidents involving public sector systems occur with jarringly frequency; however, instead of rising in vigilant alarm against the threats posed to our vital systems, the nation has become desensitized and demoralized. This publication was developed to deconstruct the normalization of cybersecurity inadequacies in our critical infrastructures and to make the challenge of improving our national security posture less daunting and more manageable. To capture a holistic and comprehensive outlook on each critical infrastructure, each chapter includes a foreword that introduces the sector and perspective essays from one or more reputable thought-leaders in that space, on topics such as: The State of the Sector (challenges, threats, etc.) Emerging Areas for Innovation Recommendations for the Future (2021–2025) Cybersecurity Landscape ABOUT ICIT The Institute for Critical Infrastructure Technology (ICIT) is the nation’s leading 501(c)3 cybersecurity think tank providing objective, nonpartisan research, advisory, and education to legislative, commercial, and public-sector stakeholders. Its mission is to cultivate a cybersecurity renaissance that will improve the resiliency of our Nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders. ICIT programs, research, and initiatives support cybersecurity leaders and practitioners across all 16 critical infrastructure sectors and can be leveraged by anyone seeking to better understand cyber risk including policymakers, academia, and businesses of all sizes that are impacted by digital threats.

Table of Contents:
Foreword by Glenn Gerstall Chapter 1 Chemical 1.0 About the Chemical Sector Drew Spaniel 1.1 ICS Security in the Chemical Sector—Beyond CFATS Edward J. Liebig Chapter 2 Commercial Facilities 2.0 About the Commercial Facilities Sector Pete Slade 2.1 Digital Supply Chain Security: What Happens When an Organization’s Trusted Solutions Can No Longer Be Trusted? Pete Slade and Dave Summitt Chapter 3 Communications 3.0 About the Communications Sector Tyler Healy 3.1 Accelerating Intelligence to Action Tyler Healy 3.2 Zero Trust for Critical Infrastructure Requires a New Focus on Secure Communications Glen Gulyas Chapter 4 Critical Manufacturing 4.0 About the Critical Manufacturing Sector Chris Grove 4.1 Transitioning Critical Manufacturing to Cyber Resiliency Chris Grove Chapter 5 Dams 5.0 About the Dams Sector Laura Whitt-Winyard 5.1 Under-Funding Dam Sector Cybersecurity Leads to a Flood of Threats Laura Whitt-Winyard Chapter 6 Defense Industrial Base 6.0 About the Defense Industrial Base Travis Rosiek and Robert F. Lentz 6.1 Accelerating DIB Cyber Security and Information Sharing Transformation Travis Rosiek and Robert F. Lentz 6.2 What Is CMMC and Why Is It Important Dr. Darren Death Chapter 7 Election 7.0 About Election Security: Perspectives on Past, Present, and Future US Political Campaigns Brigadier General (ret.) Francis X. Taylor, Joseph Drissel, and Matt Barrett 7.1 Action Plan for More Secure Campaigns—Addressing the Gaping Hole in Our Electoral Process Brigadier General (ret.) Francis X. Taylor, Joseph Drissel, and Matt Barrett 7.2 Preparing for the Future of Election Security—Recommendations for the 46th President The Center for Internet Security 7.3 The Race with No Finish Line: Securing the Next Election in the Wake of 2020 Matthew Travis 7.4 The State of Campaign Cybersecurity Brigadier General (ret.) Francis X. Taylor, Joseph Drissel, and Matt Barrett 7.5 The Price of Liberty—Countering Long-Term Malicious Cyber Influences on Democratic Processes José de Arimatéia da Cruz Chapter 8 Emergency Services 8.0 About the Emergency Services Sector Stanley J. Mierzwa and Lauren Spath-Caviglia 8.1 Case Study—Law Enforcement Digital Forensics and Investigations Review; Results of a Cybersecurity Workforce Readiness Survey Stanley J. Mierzwa and Lauren Spath-Caviglia Chapter 9 Energy 9.0 About the Energy Sector Chris Luras, John Eckenrode, and Donald Heckman 9.1 Securing the Backbone of the US Critical Infrastructure Chris Luras, John Eckenrode, and Don Heckman Chapter 10 Financial Services 10.0 About the Financial Services Sector Hitesh Sheth 10.1 Time for Financial Providers to Lead with Cybersecurity Hitesh Sheth 10.2 Public-Private Partnership in Fighting the Cyber Threat Timothy L. Callahan Chapter 11 Food and Agriculture 11.0 About the Food and Agriculture Sector Timothy Bengson and Itzik Kotler 11.1 For CPG Companies, a Zero Trust Security Strategy Is the Best Supply Chain Defense Timothy Bengson and Itzik Kotler 11.2 Software Helps Feed America—How Do We Keep It Secure? Rusty Sides, Justin Ruth, Will Berriel, Scott McBain, and Michael Deck 11.3 Trust in the Food and Agriculture Supply Chain Starts in the Dirt and Ends on Our Tables Joyce Hunter Chapter 12 Government Facilities 12.0 About the Government Facilities Sector Donald Maclean 12.1 Zero Trust: Buzzword or Panacea? Donald Maclean 12.2 Outdated and Left Behind: Improving and Innovating Our Government Facilities Dr. Nikki Robinson 12.3 Recommendations for Securing Government Facilities Dr. Ron Martin Chapter 13 Healthcare and Public Health 13.0 About the Healthcare and Public Health Sector Krishnan Chellakarai and Itzik Kotler 13.1 How to Navigate a New Era of Threats to the Healthcare Sector Krishnan Chellakarai and Itzik Kotler 13.2 Direct Patient Care Subsector Cybersecurity State of the Union Joey Johnson Chapter 14 Information Technology 14.0 About the Information Technology Sector John Fanguy 14.1 Cybersecurity and Zero Outage: Where CISOs and Mission Leaders Align John Fanguy 14.2 Managing Global Supply Chains and Their Impact on US Critical Infrastructure: What Do Critical Infrastructure Sectors Need to Do, Now and in the Future Donald R. Davidson Jr. Chapter 15 Nuclear Sector 15.0 About the Nuclear Reactors, Material, and Waste Sector Drew Spaniel 15.1 “Security by Isolation” Inhibits Nuclear Sector Resilience and Potential Drew Spaniel Chapter 16 Local and State Government 16.0 About State and Local Government Cybersecurity Rita Reynolds 16.1 Emerging Threats and Challenges Facing State and Local Governments and Why They Should Be Considered Critical Infrastructure Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith 16.2 Innovations for State and Local Governments Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith 16.3 Recommendations to Improve the Cyber Resilience of State and Local Governments Marcela Denniston, Alycia Farrell, Peter Liebert, and Jason Smith Chapter 17 Transportation 17.0 About the Transportation Sector Jerry L. Davis 17.1 From the Ground, through the Air, and Beyond Out There: Over the Horizon Opportunities, Risks, and Challenges in the Transportation System Sector Jerry L. Davis Chapter 18 Water and Wastewater Management 18.0 About the Water and Wastewater Systems Sector Dr. Bradford Sims 18.1 Florida Water Treatment Attack and the Implications for Critical Infrastructure and Cybersecurity—An Exegesis Dr. Ian McAndrew 18.2 Adhering to 12-Stage Process for Achieving Cyber Secured Water and Sewage Operations Daniel Ehrenreich Closing Conclusion Joyce Hunter Afterword: Some Things Change, Some Things Stay the Same Suzette Kent

About the Author :
ABOUT THE EDITOR As the Lead Researcher at the Institute for Critical Infrastructure Technology (ICIT), Drew Spaniel is an expert in information security and technology across the US critical infrastructure sectors. He serves the Institute as a technical expert in cybersecurity, technology, and data science, as well as emerging adversarial trends, threat actor profiling, and legislation and agency initiatives related to information security and privacy. Spaniel earned a Master of Science in Information Security, Policy, and Management from Carnegie Mellon University’s Heinz College and a Bachelor of Science in Applied Physics from Allegheny College.