Warnings about the possibility of a “cyber-Pearl Harbor” attack on our nation's vulnerable critical infrastructure have been promulgated with increased frequency over the past several years. In fact, the systems vital to the everyday operation of our government, economy and well-being are already under attack, and trends indicate they these attacks will continue to increase in number. The current state of cyber vulnerability in critical infrastructure makes it not a matter of “if” a component of critical infrastructure will be taken out, but rather a matter of “when,” and the possibility exists that several such attacks could be chained together in such a way to cause destruction and death on a scale that could paralyze the nation.
This paper proposes two essential baseline factors for cyber-legislation to incorporate in protecting the nation's critical infrastructure: (1) centralized and mandatory threat communication that is carefully tailored and (2) government incentivized, but private industry led security development. For information sharing, this paper proposes that centralization of government and private sharing efforts and modest cyber reporting requirements hold the keys for yielding the situational awareness and collaboration necessary to respond to cyber-attacks. Additionally, careful tailoring of what information is shared can ensure minimal preemption so that privacy and other important societal norms are not essential undermined in the process.
Regarding ICS insecurity, this paper proposes that the government is not best positioned to dictate ICS cybersecurity standards to private critical infrastructure. Rather, the role of the government should be to help private industry overcome cost barriers to better ICS cybersecurity through certification of efforts and providing a menu of strong incentives. Owners and operators are best positioned to select measures from an incentive menu that will best secure their systems going forward.
This paper arrives at these conclusions by first examining the currently existing cyber threat to critical infrastructure through several examples. Secondly, from those examples the paper lays out why critical infrastructure has proven so vulnerable to, and unprepared for, cyberattacks. Specifically, weak information sharing between and amongst government and private industry, and Industrial Control Systems (ICS) not designed for an era of ever increasing network and internet connectivity. Finally, the paper analyzes how several legislative proposals could be utilized to address the vulnerability factors identified, and why current law and executive action falls short of effective cybersecurity.
|Advisor:||Maggs, Gregory E.|
|School:||The George Washington University|
|School Location:||United States -- District of Columbia|
|Source:||MAI 52/02M(E), Masters Abstracts International|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be