In the News – This Week in Critical Infrastructure: Week of February 26, 2018

From Bloomberg, Ernest Moniz, Joseph S. Hezir, and Melanie A. Kenderdine present an argument for expanded use of Department of Energy loan programs as a source of short-term financing for vital infrastructure projects until Congress acts on recent proposals to increase investment in infrastructure system upgrades and maintenance. Through these programs, about $40 billion would be available for immediate use with energy infrastructure projects without new appropriations.

Writing for CNET, Alfred Ng discusses findings from security firm Dragos presented in a recent report concerning cyber incidents affecting critical infrastructure. In an examination of 163 vulnerability warnings from 2017, Dragos found that 72 percent only advised operators to “patch their systems,” advice the firm states is unhelpful for as many as 64 percent of systems. The report concludes that security advisories need to be improved to provide more detailed and useful guidance to infrastructure systems operators.

From Mark Rockwell at FCW, this article argues in favor of the long-recurring proposal to rename and re-organize the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security. The proposal, which has passed in the House and is awaiting a vote in the Senate, would transform NPPD into the Cybersecurity and Infrastructure Agency, a move that proponents say would clarify the group’s mission to the public and provide greater standing for the the agency to act as a cybersecurity authority.

From Power Magazine, Sonal Patel reports on a set of three reports from cybersecurity firm Dragos, Inc. released on March 1. Collectively, these reports examine ICS vulnerabilities, threats, and response efforts, concluding that nearly two-thirds of US industrial control systems face threats that could have severe operational impacts.