MIT experts are urging the Trump administration to take cybersecurity more seriously. According to the experts, electric grids, oil pipelines, and other critical infrastructure in the U.S. pose huge hacking risks, but are widely ignored.
“The digital systems that control critical infrastructure in the United States and most other countries are easily penetrated and architecturally weak, and we have known it for a long time. Yet Presidential leadership on infrastructure security has been hesitant and chiefly rhetorical, while system operators have tended to focus on short-term fixes and tactical improvements,” the researchers wrote in a recently released report.
The 50-page report is designed to show how America’s infrastructure can be protected from cybersecurity threats, and provides recommendations the Trump administration should consider. The report is based on a series of workshops from industry and government.
According to the report, these systems are so insecure because security issues weren’t clear when the Internet was designed in the early 1970s. “Its initial purposes were to assure communications in the event of a nuclear attack through packet-switched routing, and then to serve as the basis for collaboration among geographically dispersed scientists working for the Department of Defense. The relatively few people having access to the original network were a trusted group for whom security was not an issue,” the report states. Because of this, core controls and protocols weren’t designed with security in mind, the network was never meant to “police itself for criminal or offensive behavior,” and there was no clear understanding of who is responsible for securing the Internet.
Once the Internet became commercially available in the ’90s, the network already in place became the backbone of the system.
The report covers a series of challenges that, if addressed, could help prevent hacking attacks in the electricity, finance, communications and oil/natural gas sectors. Challenges include: coordination; measuring risks and fragility; reducing risk and optimizing security investment; identifying and responding to cybersecurity risks; reducing component complexity; addressing system architecture; coming up with a strategy for the nation; and improving cybersecurity training.
Some of the recommendations include: appointing a deputy national security advisor for cybersecurity to focus on long-term policies; creating a meeting of experts and representatives to assess and measure cybersecurity risks; and proposing legislation for “favorable tax treatment of qualified cybersecurity investment in critical infrastructure,” the report states.
“Our recommendations complement their attention to federal systems,” said Joel Brenner, former NSA inspector general and principal author of the report. “Our current cyber insecurity is a national disgrace, and we must defend the networks that the safety of our nation depends on.”