Confronting Escalating Cyber Attacks on Critical Infrastructure

Strategies for Addressing Future Attacks

Cyber attacks are increasingly impacting critical infrastructure, government and wider society with escalating disruptions of essential services that underpin American society and the real potential of debilitating impacts on our physical and economic security as well as public health and safety.

This initiative brings together thought leaders from the government, business and academia for vital insights into the threat and actionable strategies to address it through:

  • Quick Briefs (60 second summaries from each thought leader)

  • To-the-Point Interviews (8-10 minute focused discussion)

Our thought leaders include:

Chris DeRusha

Federal Chief Information Security Officer
U.S. Office of Management & Budget

"We need … a paradigm shift for how we're approaching cyber security. And to me that is zero trust principles … re-architecting the way that our workforce accesses resources, the way that we trust devices, the way that we get give intelligent access. And it really means treating everything as untrustworthy until we prove it otherwise by thorough verification, validation."

Camille Stewart

Global Head of Product Security Strategy
Google

"We've lost sight of the individual. Cybersecurity is centered on people - the malicious actors and the individuals we seek to protect alike."

 

Mikhail Falkovich

Chief Information Security Officer
Con Edison

"A cyber attack … has become one of the highest risks that companies nowadays have to face and so a defense in depth and defense in breadth program … is a must have to enable every organization to protect their assets ..."

Drew Morin

Director of Cyber Strategy
T-Mobile

"A one size fits all does not work in the cybersecurity environment ... it's understanding the sector, what's important to the sector, and then tailoring the overall cybersecurity risk mitigation programs, partnerships, best practices to that sector’s requirements and needs."

Jenny Menna

Vice President, Business Security Risk, Humana
Former Deputy Chief Information Security Officer, US Bank

"[We] need to prioritize our cyber health … to implement those basic cyber hygiene practices … to invest in the people, the processes and the technologies to reduce the critical risk. And we need our government partners … to bring the whole of their capabilities in a coordinated way to lead this joint effort."

Moira Bergin

Subcommittee Director, Cybersecurity, Infrastructure Protection & Innovation
House Committee on Homeland Security

"We're starting to see … real consequences, … that's going to drive action … we're going to have to take the approach of nothing's off the table…government needs to lead by example … to resource … to defend its own networks, and … to better partner with the private sector by providing better intelligence ... better tactical support…"

Suzanne Lemieux

Director, Operations Security & Emergency Response Policy
American Petroleum Institute

"We see … often a lot of victim shaming. And that is not how we're going to better defend our country, our infrastructure … we need to have … companies invest more, but we need to have a better deterrence to what is often criminal actors or nation-states that are adversarial for geopolitical reasons that are targeting private companies."

Randy Milch

Co-Chair, NYU Center for Cybersecurity
Professor of Practice, NYU School of Law
Former General Counsel, Head of Public Policy, Verizon

"We can ... increase cybersecurity by first concentrating on the most important risk issues; next by recognizing that reducing cyber-risk will likely be accomplished by tailoring incentive-based solutions to the type of insecurity we are trying to correct; and finally by recognizing that progress … will be in small steps, not grand schemes"

Bob Kolasky

National Risk Management Center Director,
U.S. Cybersecurity & Infrastructure Agency (CISA)

"We … have to look at systemic solutions…more requirements about better cybersecurity… building cybersecurity to contracts… breaking down barriers to information sharing, and public private partnerships...leveraging financial levers to incentivize additional cybersecurity."

 

Jesse Goldhammer

Managing Director, Cyber & Strategic Risk Practice
Deloitte

"We should reframe cybersecurity as cyber safety... like food safety, or occupational safety, or even transportation safety…We need minimum software and hardware security standards. It’s mind-boggling that we still buy stuff that doesn’t have a minimum security standard."

 

Ed Amoroso

NYU Distinguished Research Professor / Chief Executive Officer, TAG Cyber
Former Chief Security Officer, AT&T

"The challenge in one word is complexity… 100% of the critical infrastructure that's in place today, is probably not sufficiently understood by the people who have responsibility to protect it…take inventory, simplify, learn how things work"

Ryan Boulais

Chief Information Security Officer
AES

"Cybersecurity is a team sport. It's vital that all elements of your organization make it a priority — not just the CISO."

Thought Leader Roundtable

A Thought Leader Roundtable with representatives from both the public and private sectors discuss this challenge — exploring consensus, as well as differences of perspective. This discourse should hopefully inform decision-makers in both business and government. 

Participants:

  • Ed Amoroso NYU Distinguished Research Professor / Chief Executive Officer, TAG Cyber; Former Chief Security Officer, AT&T

  • Moira Bergin Subcommittee Director, Cybersecurity, Infrastructure Protection & Innovation, House Committee on Homeland Security

  • Jesse Goldhammer Managing Director, Cyber & Strategic Risk Practice, Deloitte

  • Bob Kolasky National Risk Management Center Director, U.S. Cybersecurity & Infrastructure Agency (CISA)

  • Jenny Menna Vice President, Business Security Risk, Humana; Former Deputy Chief Information Security Officer, US Bank