Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Cybersecurity needs a significant place in the emergency management matrix

Friday, October 8, 2021

Categories: ASCF News Cyber Security

Comments: 0

https://www.securitymagazine.com/articles/96242-cybersecurity-needs-a-significant-place-in-the-emergency-management-matrix

Photo: Securitymagazine.com

Costly, dangerous and disruptive cyberattacks are still on the rise, and the recent targeting of critical infrastructure is particularly alarming. This year alone, bad actors have unleashed digital mayhem on vital facilities and organizations between February and June, including more than 150 government agencies (mostly in the U.S.), a Florida water treatment plant and the Colonial gas pipeline.

Criminal groups have found a lucrative business model in launching various cyberattacks against under-protected victims. The number of attacks against critical infrastructure has increased across many sectors, including government offices, power, gas, water treatment plants and transportation control systems. This is concerning because it represents a whole new category of threat — one that goes beyond natural, technological and adversarial failures. We are also facing dangers perpetrated by criminals prepared to put lives at risk by disrupting critical services upon which we depend.

Cyberattacks are different
We need to address cyber threats with more urgency, given the growing risk they pose. This includes making them more of a focus when it comes to emergency planning and disaster preparedness. One important document in the emergency management ecosystem is FEMA’s Comprehensive Preparedness Guide, CPG 101, which guides the fundamentals of planning and developing emergency operations plans.

The guide divides hazards into three categories. The first two are “natural” hazards (caused by forces of nature) and “technological” hazards (events or emergencies involving manmade materials). The third type of hazard is what FEMA calls “adversarial or human-caused” events — a group it describes as disasters created by man, either intentionally or by accident. The examples it lists of these types of hazards are terrorism, school violence, and cyber events.

FEMA recognizes that a capabilities-based approach is required when preparing to prevent, protect against, respond to and recover from all types of emergencies. Effective emergency management focuses on preparedness involving all stakeholders. Whether for natural disasters or cyberattacks, it takes a village to reduce vulnerability to the risks. Given ever-increasing cyber threats, stakeholders should foster a culture of cyber preparedness. This can be done by making cyber events a major hazard category in emergency management.

As a public administration academic, Brian Nussbaum has said, “It is no longer possible to engage meaningfully in emergency management or disaster response without thinking of cyber risks and information technology.” Today’s frequency and scope of cyberattacks are so immense that they warrant being a major hazard category.

Why sharpen our focus?
As a major hazard category, enhanced cybersecurity capabilities within the emergency management spectrum would enable practitioners to collaborate and coordinate across different agencies, functions and all levels of government. To add, it would lay the foundation for stakeholders’ needs for future all-hazards efforts. Just like a traditional response to a natural disaster, stakeholders must also be ready to respond to a cyber event, as a cyberattack can cause physical consequences. These physical consequences could result in significant impacts on governments, businesses and individuals.

It is also vital that cybercriminal activity stays in the public spotlight. A recent Armis survey of Americans found a general lack of knowledge and awareness of major cyberattacks on critical infrastructure. Returning to two of the significant recent incidents mentioned at the beginning of this article, more than 21% of the 2,000 respondents in the Armis survey had not heard about the cyberattack on the Colonial gas pipeline, and 45% of Americans were not aware of the attempted tampering of Florida’s water supply.

Public awareness and support have always been a cornerstone of effective emergency management. However, with the potential threats from cybercrime so high, the public must understand the dangers of any cyber-related event.

Having cyberattacks redefined as a major part of the disaster and emergency planning matrix would also have important benefits at political, leadership and staffing levels. It would ensure policymakers keep cyber risks top-of-mind and give emergency management practitioners a robust platform to spread the message.

Tackling cybersecurity with an emergency management mindset would also help industries that traditionally preferred to pay the ransom rather than take any other steps to prepare their cyber responses. For example, the manufacturing sector receives twice as many attacks as the construction, technology and retail sectors combined because they cannot afford to shut down systems for any length of time. Preparing for cyberattacks can build resilience and help create resistance.

The White House and federal agencies have increased the emphasis on cyber risks this year. Still, momentum must extend further to ensure it becomes a national priority at all levels. As Nussbaum puts it: “Overall, if the goal is to build a nation that is more secure against [cyberattacks], one of the key constituencies that need engaging is state and local emergency managers.” Given the possibilities of cyber threats to come, a unified, top-down approach is urgently needed.

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.