Center for Infrastructure Protection & Homeland Security

From the Director – September/October 2016

Welcome to the September/October issue of The CIP Report, in which our focus is on the cyber dimension of Critical Infrastructure Security and Resilience. October is National Cyber Security Awareness Month, which is reason enough to focus on this very important subject. If any of us required additional reasons, the events of the past month should convince us. The massive Distributed Denial of Service (DDoS) incident that disrupted domain name server (DNS) infrastructure of the Internet service provider Dyn for an extended period of time represents an evolution in the cyber realm. The early evidence indicates that the attackers used a botnet composed of a massive number of malware-infected Internet-enabled devices to conduct a coordinated attack. This is uncharted territory—the “Internet of Things” (IoT) as a means of attack. Still, this threat is not our only concern.

Stephen Jackson from the Center for Infrastructure Protection & Homeland Security at George Mason University leads our issue with an argument against the suggestion that a new critical infrastructure sector be created to address the security of the United States elections system. Rather, he suggests that our existing constructs should be applied to address this very serious assault on an essential process of democracy. On a related topic, Charity King and Michael Thompson from Argonne National Laboratory assess the vulnerabilities found in the United States elections system by providing in-depth analysis on technologies currently used by election authorities at the state and local levels.

From the international perspective, Danilo D’Elia analyzes the difficulty of constructing a proper cybersecurity policy for industry through an examination of France’s cybersecurity frameworks. Then, Amanda Joyce and Nathaniel Evans of Argonne National Laboratory examine the current state of information sharing at the international level. They propose that the international community adopt an “International Cyber Incident Repository System” to help mitigate the risk of global cyber-attacks.

Next, Taz Daughtrey, an expert in the information assurance field, offers an in-depth look at the IoT. His article explains how the use of “blockchain” technology can increase security for Internet users as the IoT becomes more prevalent. Finally, Michael Thompson from Argonne National Laboratory rounds out our view of cybersecurity through an examination of the cyber-physical nexus. He provides an overview of physical Internet infrastructures, the vulnerabilities they currently face, and the work that remains to be done to increase our understanding of the potential implications of threat scenarios faced by these assets.

We trust you will find these articles thought provoking and the subject of much discussion. We sincerely appreciate the support you provide and the dialogue which follows from each of these issues. As always, your comments and suggestions are most welcome.

Warm Regards,
TroutmanSignature
Mark Troutman. PhD
Director, CIP/HS


The Problem with a New Elections System Critical Infrastructure Sector

Posted: October 13, 2016

Stephen Jackson from the Center for Infrastructure Protection & Homeland Security at George Mason University argues against the Department of Homeland Security suggestion that a new critical infrastructure sector be created to address the security of the United States elections system.

The Cyber-Security Industrial Policy: The Challenges of Structuring a Complex Dialogue

Posted: October 18, 2016

Danilo D’Elia analyzes the difficulty in constructing a proper cybersecurity industrial policy through an examination of France’s cybersecurity frameworks.

Security of Electronic Voting in the United States

Posted: October 20, 2016

Charity King and Michael Thompson from Argonne National Laboratory assess the vulnerabilities found in the United States elections system by providing in-depth analysis on technologies currently used by election authorities at the state and local levels.

International Cyber Incident Repository System: Information Sharing on a Global Scale

Posted: October 24, 2016

From Argonne National Laboratory, Amanda Joyce and Nathaniel Evans examine the current state of information sharing at the international level and propose that the international community adopt an “International Cyber Incident Repository System” to help mitigate the risk of global cyber-attacks.

Securing the Internet of Things

Posted: October 25, 2016

Taz Daughtery offers an in-depth look at the Internet of Things and explains how the use of blockchain technology can increase security for Internet users and combat the risk posed by the increasing number of threat vectors created by expanding networks of things.

Understanding Physical Internet Infrastructure Vulnerabilities

Posted: October 26, 2016

Michael Thompson from Argonne National Laboratory provides an overview of physical Internet infrastructures, the vulnerabilities they currently face, and the work that remains to be done to increase our understanding of the potential implications of threat scenarios faced by these assets.