"The cyberthreat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the nation's critical infrastructure in the face of such threats."
These are the words of the executive order, "Improving Critical Infrastructure Cybersecurity," issued by President Barack Obama on February 12, 2013.
The order was deemed so important that the National Institute of Standards and Technology had a mandate to issue a draft framework to the Department of Homeland Security within 90 days of its issuance. Significant amounts of funds and resources were allocated to help this critical task meet the deadlines. Hundreds of industry representatives and experts were brought together on four different occasions to ensure proper feedback and formatting for the final draft. The discussion draft was issued in August prior to the fourth working group meeting in Dallas, Texas and the final draft for comment was due out October 10.
In comes the government shutdown. All "nonessential" personnel have been furloughed and are not allowed to communicate with the public via formal channels. These nonessential personnel included NIST staff responsible for completing and issuing the final draft for comment. As such, the draft's release has now been delayed until the government is back up and running.
So here's the question. If "cyberthreat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront, and if the national and economic security of the United States depends on the reliable functioning of the nation's critical infrastructure in the face of such threats," why were cybersecurity personnel deemed nonessential during the shutdown? Why was "one of the most serious national security challenges we must confront" put on the back burner?
By the urgency of the executive order we have already admitted as a country that we are ill-prepared for a serious cyberthreat on our critical infrastructure, which includes our financial institutions. Now we make a statement to the world that cybersecurity and the work we deem so critical is at the bottom of the food chain when budget decisions have to be made?
What will be thought of this effort when NIST returns? How seriously will the hundreds of private sector industry organizations that gave up their valuable time and resources take this initiative?
It is a travesty that a government whose most important reason for being is to protect the people from its enemies, both foreign and domestic, has chosen to let politics get in the way of what has been deemed so crucial to the national security of this country.
John DiMaria is a BSI Certification Portfolio Expert, Six Sigma Black Belt, certified Holistic Information Security Practitioner and Master HISP with over 28 years of experience in management systems and international standards. The views expressed are his own.