Former chief of the U.S. Fleet Cyber Command said today that the Federal government and industry must be prepared to work together in the face of adversarial attacks against U.S. critical infrastructure like the electric grid.
“As a nation, we have benefited from 250 years of two-ocean insulation, and, frankly, very calm and otherwise very stable and secure borders,” retired Navy Vice Adm. Timothy White said during the Axonius Adapt conference in D.C. today. “I think as a civil society, we’ve become insulated, and we don’t really appreciate how interconnected we are.”
“It’s way too much like Hollywood to say the 13-year-old in the basement somewhere around the world can achieve effects at scale inside the United States, but it is technically absolutely possible,” White said. “Then if you take a nation state like China or Russia or Iran or North Korea or others, and you mobilize their national intelligence community to solve the problem, to gain the access, to do to DevSecOps, to have a scalable human program to enable access around the globe.”
He added, “no company on its own, and in isolation, will be able to defeat a nation state. That is the power and the promise of a nation state.”
Tony Parrillo, the enterprise IT global head of cybersecurity at Schneider Electric, echoed White’s sentiments, noting that public-private partnerships are critical. “We have to work together, and we have to secure that end-to-end ecosystem,” Parrillo said.
Parrillo noted that a good day in cybersecurity would be when “nothing happens.”
“Every day, we’re having something happen. So, winning, I guess would be … making sure that we have a secure, resilient infrastructure,” Parrillo said. “Making sure that when you need it, you flip that switch and light comes on … If you think about hospitals, if they don’t have electricity people die.”
White, who served as head of U.S. Fleet Cyber Command from 2018-2020, pointed out that U.S. critical infrastructure represents an easy target that, if compromised, would impact a lot of people.
“It’s easy, and we don’t defend it, and there are no consequences to going after it,” White said. “A lot of other nation states are aggressively and actively probing and trying to get a sense of what the U.S. and other nations’ readiness and response would be.”
White referred to the recent discovery of a Chinese-based hacking group – Volt Typhoon – that compromised the IT environments of multiple U.S. critical infrastructure organizations, with the end goal of laying the groundwork for future cyberattacks.
The former Navy official said the best thing the government can do is mobilize awareness at the local level.
“The more that you do on your own at the individual level, as a family, in a community, in a neighborhood, in a town, in a county, all that rolls up,” he continued. “Civil society and citizens [need more awareness] about why they are vulnerable, what an exposed attack surface looks like, what they can do with commonly available tools,” he said.
