Energy Law Exchange

October 9, 2017

NIAC Warns That United States Is “Falling Short” Defending Critical Infrastructure; Recommends Eleven-Step Action Plan


The President’s National Infrastructure Advisory Council (“NIAC”) issued a draft report at the end of August assessing the U.S.’s cyber preparedness related to critical infrastructure.

The report, titled “Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure,” concluded that although the U.S. government and private sector collectively possess the cyber capabilities to defend critical infrastructure from aggressive cyber attacks, they are currently “falling short” in terms of organization and coordination.

In light of its assessment, NIAC recommended that the current administration take the following eleven steps to bolster cyber readiness before a “watershed, 9/11-level cyber attack” occurs. The recommendations—which would require action by Congress, the Department of Justice, the Federal Bureau of Investigation, and numerous other government agencies—include:

1. Establish separate, secure communication networks for the most critical cyber networks;

2. Facilitate a private-sector-led pilot of machine-to-machine information sharing technologies;

3. Identify best-in-class scanning tools and assessment practices, and work with owners and operators of critical networks to scan and sanitize their systems on a voluntary basis;

4. Strengthen the capabilities of today’s cyber workforce by sponsoring a public-private expert exchange program;

5. Establish a set of limited-time, outcome-based market incentives to encourage owners and operators to upgrade cyber infrastructure, invest in state-of-the-art technologies, and meet industry standard best practices;

6. Streamline and expedite the security clearance process for owners of the nation’s most critical cyber assets, and expedite access to facilities with enclosed areas used to process classified information to ensure that cleared owners can access secure facilities within one hour of a major threat or incident;

7. Establish clear protocols to rapidly declassify cyber threat information and proactively share it with owners and operators of crucial infrastructure;

8. Pilot an operational task force of experts in government and various critical infrastructure industries to take action on the nation’s top cyber needs;

9. Use the national-level GridEx IV exercise, conducted by the North American Electric Reliability Corporation (“NERC”) and designed to simulate a cyber/physical attack on critical infrastructures across North America, to test federal authorities and capabilities during a cyber incident;

10. Establish an optimum cybersecurity governance approach to coordinate the nation’s cyber defense, align resources, and marshal expertise across federal agencies;

11. Task the National Security Advisor to review the recommendations included in the Report and convene a meeting of senior government officials within six months to address barriers and identify next steps.

NIAC conducted its assessment at the behest of the National Security Council after the May 2017 issuance of Presidential Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”