In the next decade, there's a 1-in-10 chance that our nation's water supply, power grid, transportation system or other critical infrastructure will be hit by a cyberattack.
In the next decade, there's a 1-in-10 chance that our nation's water supply, power grid, transportation system or other critical infrastructure will be hit by a cyberattack, causing a major disruption in service, according to estimates from the World Economic Forum.
The question: Will the country be ready?
The answer might be found in Executive Order 13636. Issued in February 2013, the order calls on the National Institute of Standards and Technology (NIST) to develop a cybersecurity framework aimed at protecting the nation from cyberattacks on all critical infrastructure. The voluntary program will include standards, methodologies, procedures and processes that help owners and operators of critical infrastructure identify, assess and manage cybersecurity-related risks.
The order also encourages cyberthreat information sharing by directing federal agencies to produce unclassified cybersecurity reports. Under the order, a utility or company may, for example, be notified by the government if it is the target of a cyberthreat.
"The White House got involved last year after the Senate blocked passage of a sweeping cybersecurity bill," explains Jeff Grieg, senior vice president of the Burns & McDonnell Business & Technology Services Group. "Although the framework would be voluntary, the order calls on federal agencies to adopt incentives that encourage compliance."
The nature of these incentives and how the NIST framework will integrate with NERC CIP standards remain to be seen, he says.