Chief Information Security Officer
Prosperous nations sometimes take for granted the safe and reliable critical infrastructures that underpin our economies, governments, and personal well-being; it’s our responsibility to plan and execute key enablers that will secure our future. Similar to how we marvel today at the Roman Empire’s roads and aqueducts, the 3rd millennium will likely do the same with today’s critical infrastructures - that is, if they don’t lead to our downfall. The scope and scale of the critical infrastructure security challenge have frozen ambitions to take on this problem; this presentation will describe a plan and its first several steps:
• Explore a light-touch governance or orchestration board to establish some enduring procedures where such things are helpful.
• Take on the issue of automated information sharing within and among critical infrastructures. The goal is to enable the sharing of threat intelligence and even best practices, and otherwise get people to start working together to create relationships while simultaneously moving the needle.
• Begin to pilot the most promising strategies and capabilities, such as consequence-based engineering. “Test” capabilities to create the most meaningful increases in security and to enrich partnerships. Promote research and innovation on the right challenges, experiment and push the envelope, and fail fast, but on the most important priorities. This approach helps build institutional muscle memory so that responses to actual attacks are quick and effective.
• Rethink the cyber workforce. This will involve creating an environment in which professionals in IT, OT, and physical security regularly collaborate and rotate job assignments, in recognition that the design of critical infrastructure solutions cannot separate these professions.