Securing the Public Sector

Our Critical Infrastructure Depends On It

Helen Patton

--

Dall-E created image of a “government security theat map”. I don’t know what it means either.

Calling all security professionals:

Who and what is the most important part of your supply chain? What is the root system upon which your tree (family, school, work) is based?

Many governments focus on “critical infrastructure” as needing to pay particular attention to cybersecurity — those parts of our society upon which the rest of us rely. Water, power, transportation, medicine, food, education. Good. So they should. But the stark reality is that most of those critical services are run by state and local governments (in the United States, at least), who are the least-resourced organizations in the country. Federal government assistance comes largely in the form of regulations and frameworks accompanied by time-limited funding — sort of helpful, but not really. These organizations need more people doing blue team work, more access to agency decision makers, less technology debt, and more freedom to align security priorities to individual agency outcomes. Right now, they lack enough of these things, and this puts us all at risk.

When I started my security career in the late 90's/early ‘000’s, I had the good fortune to start in Business Continuity. At the time, due to our on-premise technology and the long shadow of 9/11, we focused on recovery of buildings, computers, and people — all the physical things. Later, with the advent of cloud computing, we started thinking about digital resiliency/redundancy, and we were proud of ourselves that location was less of a problem. Now, we are all about “cyber resiliency”, which focuses on making sure our companies and organizations can continue to operate even after a cyber event occurs.

Unfortunately, with the blast radius of current cybersecurity threats, we are back to needing to worry about physical security of things again. What happens when the power grid is taken out? Or the water supply is contaminated? Or the self-driving trucks are hacked? What does it do to our supply chains if our payment systems are completely jacked? Once again, we need to be thinking about the continuity of our supply pyramids. Recent nation-state and terrorist conflicts only drive home further our dependence on extended critical infrastructures that support all that we do.

--

--

Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com or on Twitter @CisoHelen or on Mastodon @cisohelen@infosec.exchange