Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says

The top cyber official at the National Security Council said Tuesday that he’s dismayed by the lag in security technology embedded in critical infrastructure, saying it pales in comparison to the tech in modern smartphones.
“I worry a lot about critical infrastructure cybersecurity,” Alexei Bulazel said at the Billington Cybersecurity Summit. “I also think about the technology that’s deployed in critical infrastructure contexts. This is not the best-in-class software or hardware.”
Bulazel mentioned the energy sector in particular, given the potential for hackers to turn off the power in the United States. It’s a sector that relies in large measure on supervisory control and data acquisition (SCADA) systems to monitor and control industrial processes.
“I think about the phones in our pockets — Android, iPhone, doesn’t matter — really amazing feats of engineering,” he said. “Imagine if our critical infrastructure, if the SCADA system that ran the power or the water or whatever, was as secure as the phone in your pocket. I think a lot of these threats are mitigated; only the absolute apex predator, top-tier actors can get in.”
As a “White House policymaker,” Bulazel said, many of the questions he deals with go away if the technical mark is raised in critical infrastructure. It’s one of the reasons the Trump administration — despite frequently discussing the need to go on offense in cyberspace — is focused on defensive strategies like secure-by-design, he said.
“We are unapologetically unafraid to do offensive cyber,” he said. “It’s an important tool in the toolbox. It’s not the only tool.”
The Trump administration is trying to shift the focus away from “victims” and more toward “villains,” Bulazel said. His comments echoed earlier remarks Tuesday from National Cyber Director Sean Cairncross about shifting the cyber risk burden to adversaries.
It’s important to deter hackers, who aren’t like floods or lightning strikes in that they are intentional and deliberate, he said: “This is because a motivated bad actor is trying to give you a bad day.”