Dissertation/Thesis Abstract

Critical Infrastructure: Legislative Factors for Preventing a "Cyber-Pearl Harbor"
by Palmer, Robert Kenneth, LL.M., The George Washington University, 2013, 75; 1545831
Abstract (Summary)

Warnings about the possibility of a “cyber-Pearl Harbor” attack on our nation's vulnerable critical infrastructure have been promulgated with increased frequency over the past several years. In fact, the systems vital to the everyday operation of our government, economy and well-being are already under attack, and trends indicate they these attacks will continue to increase in number. The current state of cyber vulnerability in critical infrastructure makes it not a matter of “if” a component of critical infrastructure will be taken out, but rather a matter of “when,” and the possibility exists that several such attacks could be chained together in such a way to cause destruction and death on a scale that could paralyze the nation.

This paper proposes two essential baseline factors for cyber-legislation to incorporate in protecting the nation's critical infrastructure: (1) centralized and mandatory threat communication that is carefully tailored and (2) government incentivized, but private industry led security development. For information sharing, this paper proposes that centralization of government and private sharing efforts and modest cyber reporting requirements hold the keys for yielding the situational awareness and collaboration necessary to respond to cyber-attacks. Additionally, careful tailoring of what information is shared can ensure minimal preemption so that privacy and other important societal norms are not essential undermined in the process.

Regarding ICS insecurity, this paper proposes that the government is not best positioned to dictate ICS cybersecurity standards to private critical infrastructure. Rather, the role of the government should be to help private industry overcome cost barriers to better ICS cybersecurity through certification of efforts and providing a menu of strong incentives. Owners and operators are best positioned to select measures from an incentive menu that will best secure their systems going forward.

This paper arrives at these conclusions by first examining the currently existing cyber threat to critical infrastructure through several examples. Secondly, from those examples the paper lays out why critical infrastructure has proven so vulnerable to, and unprepared for, cyberattacks. Specifically, weak information sharing between and amongst government and private industry, and Industrial Control Systems (ICS) not designed for an era of ever increasing network and internet connectivity. Finally, the paper analyzes how several legislative proposals could be utilized to address the vulnerability factors identified, and why current law and executive action falls short of effective cybersecurity.

Indexing (document details)
Advisor: Maggs, Gregory E.
School: The George Washington University
Department: Law
School Location: United States -- District of Columbia
Source: MAI 52/02M(E), Masters Abstracts International
Subjects: Law
Publication Number: 1545831
ISBN: 9781303426599