Everything you need to know about critical infrastructure protection, between two covers

A non-profit think tank known as the Institute for Critical Infrastructure Technology assembled the thinking of more than 50 thinkers in both cybersecurity and ...

A non-profit think tank known as the Institute for Critical Infrastructure Technology assembled the thinking of more than 50 thinkers in both cybersecurity and infrastructure. The result is a book that is intended to inform the thinking of both government officials and operators with responsibility for critical infrastructure. To hear how it all came together,  Federal Drive with Tom Temin spoke with Joyce Hunter, the Institute’s Executive Director.

Interview transcript:

Tom Temin
Oh, this is a Federal News Network podcast. A nonprofit Think Tank known as the Institute for Critical infrastructure technology. You know, I sit, assembled the thinking of more than 50 thinkers in both cybersecurity and infrastructure. The result is a book intended to inform the thinking of both government officials and operators with responsibility for critical infrastructure here in studio with how it all came together. The Institute’s Executive Director, Joyce, Hunter, Joyce, good to have you with us.

Joyce Hunter
Nice to be here, Tom. Long time no, see,

Tom Temin
yes, well, too long. Let’s put it that way.

And this is a pretty heavy tome, I would not call this beach reading, tell us the purpose behind this book. And then we’ll get to some of how it got put together?

Joyce Hunter
Well, we thought back in I guess it was 2020, right after the pandemic started. So what are we going to do in order to expand the knowledge of Institute for Critical Infrastructure Technology in the workplace, because we weren’t getting together anymore. We weren’t having these executive roundtables and the breakfasts, and you know, those kinds of things. So I had worked on a book when I was still in the administration as the deputy CIO for Department of Agriculture. And we put together the same kind of book with American University. And that was produced by Routledge, who is also the owners of Taylor and Francis, the publishers of this particular book. So I brought the idea to Parham Eftekhari, who is the CEO and the board chair for ICIT. And I said, why don’t we do the same thing. And so he agreed, and thought it was a good idea. And off, we went to the races, we decided to start first with our fellows who are if you want to call them, they’re our advisors, people who come from some of the top cybersecurity organizations and academic organizations in the United States. So we decided to pull together a few of them, they gave us some recommendations. And then we started scouring the trade publications to see who were the thought leaders in this area.

Tom Temin
Yeah. So this is really the authors of the various chapters are a who’s who in cyber and critical infrastructure.

Joyce Hunter
Yes, that is correct.

Tom Temin
And isn’t only about cybersecurity of the infrastructure, or does it also get into physical security?

Joyce Hunter
It actually gets into the crossroads of cybersecurity, national security and critical infrastructure.

Tom Temin
So does that mean?

Joyce Hunter
Anything that has to do with security, including physical , yes.

Tom Temin
Because just recently, we saw someone firing gunshots at a plant, I think, in North Carolina, and nobody ever dreamed that’s a way to bring down parts of the grid. But that’s what happened.

Joyce Hunter
That’s exactly what happened. And so we’re looking at everything in the infrastructure, everything within the environment, that the entire ecosystem.

Tom Temin
Right, and in a case like that, it’s probably cyber clues that will lead to the perpetrators.

Joyce Hunter
That’s right. And, you know, we find behavioral analytics is getting to be more prevalent in looking at behaviors of certain kinds of people so that you can make some kind of predictions.

Tom Temin
Sure. And this book, it says, a guide to the ’21 through ’25 administration, as you mentioned, it was conceived before we knew who that administration would be.

Joyce Hunter
That’s right. That’s right.

Tom Temin
46th presidency, I guess we’re up to now. But it’s not only aimed at administration and federal officials, but really also at the operators. And would you say the state and local level people?

Joyce Hunter
All stakeholders, all stakeholders have anything to do or have an interest in cybersecurity, national security or critical infrastructure.

Tom Temin
And would you say that this book doesn’t simply do what a lot of publications do, and that is to use the word of the late great, Alan Paler of the SANS Institute, admire the problem?

Joyce Hunter
That’s right. This book gives them some practical, not instructions, but suggestions, things that practitioners have used, have seen, have done, like have been there, done that. So these people who have contributed to this book have been there, done that. And these are their recommendations in order to secure the nation’s infrastructure.

Tom Temin
We’re speaking with Joyce Hunter, she is executive director of the Institute for Critical Infrastructure Technology. And this gets into some real deep detail. I mean, there’s chapters about networks segmentation, in the case of that type of infrastructure, designed to control blast radius. I mean, I looked through this and it’s very, very detailed. What kind of review process did this all have to go through?

Joyce Hunter
Oh, my goodness. I was only a chapter contributor before to the other book that I did with American University. I did not know what it took to put something like this together, including the review process. So we had an editor that edited the book, and it was painstaking, needless to say, for the book to be edited. It took a year and a half for it to go through the review process. We had some fellows review it. We had Suzette Kent review it. So we’ve had several people in the industry, current and former, public, private, to review the book before it actually came out.

Tom Temin
Yeah, luckily cybersecurity is one of those things left that’s non-partisan.

Joyce Hunter
That’s right. That’s absolutely right. And we’re so glad that.

Tom Temin
Now, in the time that you were preparing this book, the Cybersecurity and Infrastructure Security Agency, sort of came of age, you might say, and is now richly funded, it can’t add people fast enough. And it has issued a lot of guidance and binding operational directives and so forth. Do you feel with this book coming out, it’s dated the first of this year 2023, publication date? Can you still have influence at this point?

Joyce Hunter
I think we can. Because we did constant reviews as we were going through. And as things changed, we had to go back to the authors and poor authors, we had to go back to the author’s and say, can you rewrite this so that it’s more current? And so that had to happen through the review process, as well, as we are hoping we’re really keeping our fingers, toes and eyes crossed, that this can be viewed as an instructional guide for staffers in Congress so that they can actually use this. And we can actually go in and provide some training and guidance on the critical infrastructures as they change, as they morph. And we plan on doing another one for the next election.

Tom Temin
Or my question is, is that also available as an online resource? Because you would seem to be able then to update it as needed? And then every so often sort of hit the print button, so to speak?

Joyce Hunter
Yeah, it is. But of course, we’ve got to get through the Taylor and Francis, they’re the publisher. So if we make any changes to the book, we have to go back to them, which can take a little while.

Tom Temin
Right. But that’s the general plan And what’s the reaction been so far?

Joyce Hunter
It’s been excellent. People absolutely love it. They think that it’s a long time coming. They wish somebody had done it before. I’m glad that we’re the first ones to actually do something like this as comprehensive like this, with chasing around 50 different cats like this.

Tom Temin
But you have had good administrators. Absolutely. Yeah. People like at CISA said, yeah, everybody, good job, everybody

Joyce Hunter
From CISA, to former Congressman Langevin. To get a lot of people in the industry, they really liked the book.

Tom Temin
And that’s a good point you bring up with Langevin who of course, has left Congress and left a big hole in the cybersecurity expertise of Congress, not just Jim himself, but also the staff. And so there’s always a need to get the new comers or the people freshly in the industry, regardless of the role, up to speed.

Joyce Hunter
And that’s what we plan on doing with this book. We’ve got clearance, saying that this book can be provided as a textbook for federal government employees, so they could get the book, we could give them the book. And there’s no problem with the gift regulation.

Tom Temin
Yeah, my question was, you do charge for the book, I just saw some academic tome that I would like to have in another domain of life, which I won’t mention here, a three volume set that just came out 10 years of work by a team lead at Harvard, I thought, good, I’m gonna buy this one. But $645 for the three volumes, I said, Well, maybe I’ll look at it. It’s at the library. This is less than $645.

Joyce Hunter
Yes. Oh, much, much, much less. It’s around $100 more or less. And if you get it before March 31, you get a 20% discount.

 

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Amelia Brust/Federal News Network

    Shields up: CISA’s response to the targeting of critical infrastructure and what it means

    Read more
    Amelia Brust/Federal News Networkcybersecurity, intelligence, network, computers, technology

    CISA, DHS eye open source software use in critical infrastructure

    Read more