Ultra Intelligence & Communications

Navy Admirals Seek Greater Accountability in Securing Critical Infrastructure

March 2nd, 2016 / By

SecDef Asked to Add ICS Security to Monthly Cyber Scorecard


Stating that weaknesses in industrial control system (ICS) security “will have serious consequences on our ability to execute assigned missions if not addressed,” the letter I recently received was addressed to Defense Secretary Ash Carter. In it, two Navy admirals asked the Secretary to require improved control-system security by adding it as a priority in the cyber scorecard.

Many of us in the ICS cybersecurity industry know this scorecard well. For those who don’t, it is an automated means of overviewing vulnerabilities to the military’s computer networks, weapons systems and installations to help officials implement corrections. The scorecard is submitted monthly to the Secretary, holding DoD officials more accountable for system-security shortcomings.

I share the view of other leaders and stakeholders that consider this official overture a remarkable indicator of new urgency to secure critical control systems. The letter originally came my way through a longtime Navy contact who has shared with us a tireless and mostly behind-the-scenes pursuit for comprehensive ICS cybersecurity. He, my colleagues and I were encouraged by the admirals’ assertion: “We must establish clear ownership policies at all levels of the Department, and invest in detection tools and processes to baseline normal network behavior from abnormal behavior.”

The February 11 letter seems to up the ante from earlier guidance issued by the Department of Homeland Security in its paper, “Seven Steps to Effectively Defend Industrial Control Systems.” The seven steps were directed in December to the wider ICS industry, while the cyber scorecard appeal targets US defense operations.

All of us at 3eTI applaud so amplified a call at our military’s top tiers for secured ICS. The admirals’ letter cites “a seven-fold increase in cyber incidents between 2010 and 2015 on critical infrastructure.” If vulnerabilities are not corrected, the next intrusion may well unleash the “nefarious” payload the admirals speak of that debilitates “our installations’ mission critical infrastructure.”

We are devoted to the prevention and remediation of such an attack, as our many clients in the US military know. A recurring blog theme for us, we live to tackle the least understood yet most potentially devastating threats to systems controlling the water we drink, and the energy that powers our homes and offices. I’m proud to offer a response on behalf of 3eTI to the bold scorecard request issued by Adm. Gortney and Adm. Harris. Read it here.