US Cyber Infrastructure Lacks Security, Former NSA Official Says
U.S. critical infrastructure is less secure than 15 years ago, despite multiple government-industry efforts, said cybersecurity expert Joel Brenner of Massachusetts Institute of Technology, at an American Bar Association session Wednesday. "We continue to walk backwards on network security," said Brenner, who led a public-private effort to create better internet security when he was senior counsel at NSA. Brenner praised the presidential cybersecurity executive order released in May (see 1705110058), but said more needs to be done, citing his MIT report in March urging political leaders to address "deep strategic weaknesses in the architecture of critical systems." Systems operators are too focused on "short-term fixes and tactical improvements" and most new standards lack the teeth to make real change, Brenner said. Huge risks threaten the communications sector due to the size, complexity and interdependencies of network systems, the report said. Brenner backed liability protections for companies operating critical infrastructure to speed adoption of smarter technological solutions: "Most difficult cyber challenges are legal and commercial, not technological. Unless we can make changes, we will not become more secure."