As the seventh annual Infrastructure Week is in full swing in Washington, DC, we are reminded that while instrumenting the next generation of the “built world” has enormous potential to change the way we live and steward the environment, cybersecurity must be a forethought – not an afterthought.
We are also reminded that there is no progress in the world of truly smart communities (cities, counties, states, and nations) without a deep commitment to collaboration, and an ongoing effort to bring together public and private resources to ensure what we build will be sustainable for decades and even centuries to come.
The National Institute of Standards and Technology (NIST) has played a vital role in providing a framework for thinking and development, implementation and management of large scale, digitally enhanced projects.
Business leaders and policymakers view their framework as a pillar for managing enterprise cyber risks and threats, convening many organizations to make the framework a practical, living document throughout the year, and providing a quality blueprint for meaningful discussions this week in DC and other cities.
The framework emphasizes that organizations can self-assess their cyber risks, along with the costs and benefits of their information security strategies “internally or by seeking a third-party assessment.” In so doing the framework raises awareness about the good and bad that goes along with data sharing given the nature of the beast with multiple projects, databases, networks, and clouds communicating continually which, without proper security standards and software in place, expands the attack surface.
The NIST does not dictate how to use the framework, and there are no legal regulations or requirements in place based on the framework today. Their framework is beneficial as a structure with a common vocabulary for establishing policy and guiding compliance within an organization or ecosystem.
This week, we expect to follow many important talks on the importance of cybersecurity and applaud the tremendous efforts of the Infrastructure Week team (a non-profit which itself is based on an ecosystem of great organizations), and the leaders who are gathering to debate and promote rebuilding America’s crumbling infrastructure. These organizations and leaders are investing in more networks, broadband, and applications that are currently in process, including funding long-needed rural broadband development.
A 2018 PwC survey ranked the four highest concerns for US CEOs in 2018, with Cyber threats ranked No. 1 at 63%, up from 50% in 2017. Cyber topped overregulation (55%), terrorism (50%), and geopolitical uncertainty (50%).
As our lawmakers and the administration start to detail out the investments made possible by the $2 trillion pledge made across the aisle earlier this week, we are confident a good percentage of this funding will support sound cybersecurity practices. Quality cybersecurity practices don’t drain financial resources; to the contrary, investments in cybersecurity are the ultimate insurance policies, protecting investments and assets, and managing the risks associated with attacks by adversaries so the promise and benefits can be manifest at the intersection of the built and digital world.