"This paper discusses federal efforts to unify the public and private domestic sectors in the defense against cyber attack on the industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems that underpin US critical national infrastructure, to offer policy recommendations for synchronizing foreign and domestic cybersecurity efforts, and to realize a resilient and secure infrastructure. The paper intends to provide a policy-level rather than technically-focused discussion. The research was conducted using open-source methods with an intentional focus on US government and media perspectives found in the public record. That is where US international and domestic policies truly take shape. The discussion begins with an examination of what constitutes critical national infrastructure and the roles of ICS and SCADA systems within it. The paper then describes the panoply of actors, vulnerabilities, late-to-need cybersecurity, and threat trends. The examination also touches on the political and social challenges in achieving greater cybersecurity, and then shifts to a description of how the US government divides efforts among its lead cybersecurity agencies and what responses to a cyber attack on ICS or SCADA might look like. The discussion finishes with recommendations for strengthened international consensus on norms for state behavior, formalized public-private relationships, and interagency efforts to realize a more secure and resilient national infrastructure. Actions on many of these recommendations are under way now in dynamic virtual and policy environments, but their momentum should not diminish or the United States risks ceding its strategic power and security."
Air University (U.S.). Air Force Research Institute