Several members of the National Infrastructure Advisory Council resigned last week, and that should make us all concerned for the state of US cyber attack preparedness.
Several members of the National Infrastructure Advisory Council (NIAC), a Homeland Security advisory body, resigned last week.
An unsigned resignation letter obtained by Nextgov gives several reasons for the resignation, including the Trump administration's lack of attentiveness to critical infrastructure and President Trump's recent comments in the wake of unrest in Charlottesville.
The NIAC's role is to advise the president, through the Department of Homeland Security (DHS), on "the security of the critical infrastructure sectors and their information systems."
A majority of security analysts say the US is likely to suffer a cyberattack targeting infrastructure in the next two years, making the NIAC's role a critical one. Eight members of the 28-member council resigned last week, which should be enough to make any security professional concerned for the security of US infrastructure.
Why the NIAC members resigned
The resignation letter lists several reasons why the writer (or writers) stepped down from the NIAC—some moral and some infrastructure-related.
On the moral side of things, the letter says the Trump administration has undermined the "moral infrastructure of the US" through Trump's remarks on Charlottesville, echoing the motivation behind a large group of business leaders leaving other Trump administration positions.
SEE: NIST Cybersecurity Framework: The smart person's guide (TechRepublic)
Infrastructure concerns were the primary issues stated—namely that the Trump administration "has not demonstrated that [it] is adequately attentive to the pressing national security matters within the NIAC's purview, or responsive to sound advice received from experts and advisors on these matters."
The letter further cites leaving the Paris Climate Accord, the revocation of flood-risk building standards, and ignoring the effects of climate change as risks to both physical and informational infrastructure.
A look into the state of cybersecurity readiness
The resignations, which came one day before the release of an NIAC report on cybersecurity readiness, and the letter that accompanied them tilted toward moral indignation, but that indignation is simply part of the core problem the resignees reported: The administration isn't listening to the NIAC or other cybersecurity professionals.
The timing of the resignations and the release of the NIAC report may well be coincidental, but that doesn't change the report's pessimistic tone—the report even says that interviews with government and industry security professionals was "an echo chamber, loudly reverberating what needs to be done to secure critical U.S. infrastructure against aggressive and targeted cyber attacks."
If properly harnessed, the report goes on, the cybersecurity resources in the United States could be effective in preventing a large-scale attack, but harnessing them has been the problem thus far.
If those who resigned are correct in their assessment that the administration is largely ignoring, and even undermining, national cybersecurity efforts, we're in for a "watershed, 9/11-level cyber attack," and the window we have to prevent it is closing.
With such an imminent threat on the horizon it's disheartening—even downright alarming—to see those who have the know-how to prevent it walking away in frustration. Moral indignation or not, these resignations should make us all nervous.
Top three takeaways for TechRepublic readers:
- Several members of the National Infrastructure Advisory Council resigned recently, citing dissatisfaction with the Trump administration's lack of attentiveness to national cybersecurity threats.
- The resignations came a day before the release of an NIAC report on the state of US government cybersecurity. The report says that all the necessary pieces are present, but that the government is falling short of using existing tools effectively.
- The resignations, followed by the report, should make anyone with an interest in cybersecurity nervous: Even federal government-level experts are walking away in frustration at administration inaction.
- Report: 80% of businesses can't properly manage external cyber attacks (TechRepublic)
- MIT: US cyber insecurity a 'disgrace' that Trump needs to take seriously (ZDNet)
- Essential reading for IT leaders: 10 books on cybersecurity (free PDF) (TechRepublic)
- Security flaws in Pentagon systems 'easily' exploited by hackers (ZDNet)
- Cybersecurity in 2017: A roundup of predictions (Tech Pro Research)