In multiple meetings with President Obama numerous leaders have pushed for a second stimulus package. The response to these calls thus far has been "no, not yet."
Lately Obama has tried to subdue calls for a second stimulus package often stating that the Recovery Act has worked as intended. This has left many to ask the question: Okay what next?
One thought is that the second stimulus package should address fortification of the critical infrastructure of the United States against cyber attacks.
The term Critical Infrastructure is defined as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on the security, national economic security, national health or safety, or any combination of those matters."
The assets mentioned above are further sub-divided into three categories:
1. Physical - Physical assets may include both tangible property (e.g., facilities', components, real estate, animals, and products) and the intangible (e.g., information). Physical protection becomes an even more difficult task when one considers that 85% of the nation's critical infrastructures are not federally owned. Proper protection of physical assets requires cooperation between all levels of the government and within the private sector.
2. Human - Human assets include both the employees to be protected and the personnel who may present an insider threat (e.g., due to privileged access to control systems, operations, and sensitive area and information). Those individuals who are identified as critical require protection as well as duplication of knowledge and authority.
3. Cyber - Cyber assets include the information hardware, software, data, and the networks that serve the functioning and operation of the asset. Damage to our electronic and computer networks would cause widespread disruption and damage, including casualties. Cyber networks link the United State's energy, financial and physical securities infrastructures.
(Source: DCSINT Handbook No. 1.02)
Per the U.S's National Infrastructure Protection Plan (Department of Homeland Security, 2006), critical infrastructure categories include:1. Agriculture2. Banking and Finance3. Chemical4. Commercial Facilities5. Dams6. Defense Manufacturing7. Drinking Water8. Wastewater Treatment9. Emergency Services10. Energy11. Government Facilities12. Information Technology13. National Monuments and Icons14. Nuclear Reactors and Waste15. Postal and Shipping16. Public Health and Healthcare17. Telecommunications18. Transportation System
NOTE: Homeland Security Presidential Directive 7, issued in December 2003, designated DHS as the lead agency for protecting critical infrastructure.
A second stimulus package that truly focuses on securing the control systems of our critical infrastructure would be money well spent. Not only would it create jobs and improve our ailing economy, it will move to protect our country against cyber attacks that are becoming aggressive, more sophisticated and more successful. Industry experts, military leaders, elected officials and leaders from federal law enforcement agencies have spoke publically about the threats posed by cyber attacks. If that does not paint a scary enough picture, try to imagine the conversations taking place in classified settings about the attacks and infiltrations we never hear about.
A full white paper on this proposal can be viewed HERE.