Now that Donald Trump has become the 45th president of the United States, he will be exposed to the nation’s oft underbelly: cybersecurity. Given rapid advance- ments in information and communication technologies, continued
coupling of the digital domain with the
physical world and advanced persistent
threats, critical infrastructure protection poses a major challenge for the
This is where the president should
focus his efforts. But is either the
Department of Homeland Security
or the Defense Department the right
agency for cyber protection?
Federal, state and local governments rely on critical infrastructure to provide vital services to citizens. We have seen
the news reports—when critical infrastructures fail, the consequences can be severe. The lack of electrical power, telecommunications, financial services, running water or health care
during an emergency could cause mass chaos that stresses the
fabric of trust between citizens and their government. In fact,
if physical attacks were accompanied by cyber attacks on the
nation’s critical infrastructure, hundreds of thousands of lives
could be lost.
The persistent threat stems from a growing number of
increasingly sophisticated Internet users. In 1985, roughly
2,000 people used the Internet, which then supported a
broad community of researchers and developers. Today,
more than 3. 5 billion people use the technology. And critical
infrastructure is increasingly caught in the crosshairs. Last
year, a Kaspersky Lab report noted that hacker group Black-Energy APT attacked power companies in Ukraine, and a
separate SANS Institute report on industrial control systems
indicated that Dragonfly, also referred to as Energetic Bear,
had targeted hundreds of energy companies in North America and Europe.
These industrial control systems often rely on aging applications that run on outdated hardware and infrastructure, creating challenges that are difficult and costly to defend against.
Further, Kaspersky pointed out that the vast majority, or 92
percent, of remotely available control systems’ hosts have vulnerabilities, and 87 percent of these hosts contain moderate-risk vulnerabilities.
The American Society of Civil Engineers, which rates U.S.
infrastructure systems every four years, reported a near-failing
overall grade of D+ in 2013. Today’s leading challenge is that
the systems fail to keep pace with current and expanding
needs, and investment in infrastructure is faltering. Although
funding for homeland security is up 11. 5 percent over 2016, an
increase of $5.2 billion, current funding falls significantly short
of the estimated $3.6 trillion needed to shore up the nation’s
Keeping America Strong, Safe and Free
BY MAJ. GEN. EARL D. MATTHEWS, USAF (RET.) critical infrastructure by 2020. Considering the country’s vul-
nerabilities and lack of resources, as the engineering associa-
tion reports, we must proceed with caution. We do not need to
throw a match if we are covered in gasoline!
In his October remarks to the armed services, then-
candidate Trump said it correctly when addressing the
need to crush cyber crime: “We should not let this be like
the history of the Mafia, which was allowed to grow into a
nationwide organization that infiltrated and corrupted so
many areas of society for such a long time. We can learn
from this history that when the Department of Justice, the
FBI, the DEA and state and local police and prosecutors
were combined in task forces directed at the Mafia, they
were able to have great success in prosecuting them, seizing
their business interests and removing their infiltration from
legitimate areas of society.”
Beyond a cyber task force approach, perhaps the first step
for the administration is to elevate U.S. Cyber Command
(CYBERCOM) to a unified combatant command, separate
from the National Security Agency (NSA). The current NSA/
CYBERCOM arrangement was created in 2010, which when
viewed through the lens of Bezos’, Moore’s and Metcalfe’s
laws, is eons ago. It makes sense to split the NSA director and
the CYBERCOM commander roles to create a span of control
that is manageable and aligned with each organization’s mis-
sion. The NSA and the Defense Information Systems Agency
(DISA) then would become component commands. In this
new, elevated organization, CYBERCOM, not the Department
of Homeland Security, would be better positioned to defend
U.S. critical infrastructure.
If the separation happens, CYBERCOM faces the key issue
of funding to develop required capabilities while building up
its force structure. The challenge will be choosing the right
time and the right processes to enable both organizations to
accomplish their missions while diminishing risk to the nation.
Fragmented governance, insufficient policy and a shortage
of skilled cybersecurity professionals add to the challenges the
next administration must address.
However, as Albert Einstein said,
“In the middle of difficulty lies
opportunity.” The Trump administration must ensure that future
budget cycles reflect the national
need for critical infrastructure
protection, including investments in strategy, design and
skills acquisition. In doing so, we can contribute to America’s
strength, safety and freedom.
Maj. Gen. Earl D. Matthews, USAF (Ret.), the former
director of cyberspace operations in the Air Force’s Office
of Information Dominance and Chief Information Officer,
is vice president of Hewlett Packard Enterprise’s Enterprise
Security Solutions Group for HPE Enterprise Services, U.S.
Public Sector. The views expressed are his alone.
To share or comment
on this article go to