In the News – This Week in Critical Infrastructure: Week of February 26, 2018

Posted: March 2, 2018 at 5:15 pm

Print Friendly, PDF & Email

This Week in Critical Infrastructure, we look at two articles discussing recent reports released by cybersecurity firm Dragos that look at industrial control systems, as well as opinion pieces discussing federal infrastructure policy at the Department of Energy and Department of Homeland Security.

One Easy Way to Pay for New U.S. Infrastructure

From Bloomberg, Ernest Moniz, Joseph S. Hezir, and Melanie A. Kenderdine present an argument for expanded use of Department of Energy loan programs as a source of short-term financing for vital infrastructure projects until Congress acts on recent proposals to increase investment in infrastructure system upgrades and maintenance. Through these programs, about $40 billion would be available for immediate use with energy infrastructure projects without new appropriations.

Read More…

Cybersecurity at Power Plants Needs Advice It Can Actually Use

Writing for CNET, Alfred Ng discusses findings from security firm Dragos presented in a recent report concerning cyber incidents affecting critical infrastructure. In an examination of 163 vulnerability warnings from 2017, Dragos found that 72 percent only advised operators to “patch their systems,” advice the firm states is unhelpful for as many as 64 percent of systems. The report concludes that security advisories need to be improved to provide more detailed and useful guidance to infrastructure systems operators.

Read More…

Making the Case (Again) for Renaming NPPD

From Mark Rockwell at FCW, this article argues in favor of the long-recurring proposal to rename and re-organize the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security. The proposal, which has passed in the House and is awaiting a vote in the Senate, would transform NPPD into the Cybersecurity and Infrastructure Agency, a move that proponents say would clarify the group’s mission to the public and provide greater standing for the the agency to act as a cybersecurity authority.

Read More…

ICS Cybersecurity Threatened, but Defense Woefully Inadequate

From Power Magazine, Sonal Patel reports on a set of three reports from cybersecurity firm Dragos, Inc. released on March 1. Collectively, these reports examine ICS vulnerabilities, threats, and response efforts, concluding that nearly two-thirds of US industrial control systems face threats that could have severe operational impacts.

Read More…

Write to the Editors at