(Washington, DC) One of the Department of Homeland Security (DHS) officials in charge of executing on the key tasks outlined in President Obama's February 2013 cybersecurity executive order (EO) and public policy directive said yesterday that his agency has found few situations that can cause a catastrophe. "Our critical infrastructure is pretty resilient and we do not see a long list of things that can cause catastrophe," Robert Kolasky, Co-Chair of the DHS Integrated Task Force said during a panel discussing at The Cable Show, the cable industry's big annual conference held here.
Kolasky was mainly referring to the process outlined in the EO whereby DHS is obligated to identify what constitutes critical infrastructure, a controversial task that has to be completed by July 12 of this year. Presumably in developing the list or inventory or identification of critical infrastructure, DHS has examined where potential cyber harm can cause the greatest damage. "It's going to be a really short list of potential catastrophes," he said, noting that communications and electricity are the top two critical infrastructure sectors under examination. "We still come at it from the perspective that communications and electricity are critical."
The communications sector may be in better shape than electricity. "A lot of what we've seen is that there is redundancy and resiliency with communications service," Kolasky said. The situation is different for the electric sector he said later in an interview because of the various structural and geographic factors that make it difficult to build redundancy and resiliency into the electric grid.
Another task in the EO, the development of a comprehensive cybersecurity framework that covers 16 designated critical infrastructure sectors, is well underway with a third workshop on that framework to be hosted in San Diego during the second week of July. Critical infrastructure representatives should be really prepped for that meeting, Donna Dodson, Chief of Cybersecurity for the National Institute of Standards and Technology (NIST), the government arm in charge of developing the framework, told the cable group. "I think it's important from our perspective that people come in to the next workshop with a strong understanding of the executive order and the framework process," she said.
One question dogging the President's EO and policy directive mandates is whether the various agencies involved can meet what some consider to be extraordinarily tight deadlines for a host of difficult tasks on such a complex subject. "With the executive order, we have really stepped it up," Samara Moore, White House Director for Cybersecurity and Critical Infrastructure said. Through an active interagency process, "we've been working together to meet the deadlines."