White House official warns McCrary gathering that cyber threats could get worse; he’s right

,

(Photo courtesy of McCrary Institute)

ANALYSIS

By Troy Turner

[email protected] 

WASHINGTON, D.C. – He works in the White House, so he has the president’s ear. But the American public? That’s another matter.

Most of the nation has no idea who Harry Coker Jr. is, nor could they say what exactly he does, but in essence Harry Coker Jr. and his all-star cyber team are serving a frontline recon/command mission for American defense, and the intel they are gathering warns we’d better be concerned.

Very concerned.

How it affects you

Coker previously served as a senior executive in the CIA, the National Security Agency, and as a career Naval officer after graduating from the U.S. Naval Academy. Today he serves as the national cyber director and is tasked with advising the president on cybersecurity.

That includes protection of our critical infrastructure sectors such as power grids, water safety, healthcare, transportation systems, supply chains, food supplies and so much more.

It also includes the basics behind how our economy operates every day, as in, think about how you use your internet, cell phones, credit and debit cards.

Imagine if all of that just suddenly… stopped.

Last week Coker, speaking at Auburn University’s new office location on Capitol Hill for its McCrary Institute, provided a moving-in-the-right-direction update on the nation’s Cybersecurity Strategy Implementation Plan, where progress is being made in creating partnerships and installing broader defenses of cyber operations big and small, government and private.

Yet, danger lurks, and Coker echoed what top cybersecurity officials have been saying for years when it comes to concern about average Americans not paying enough attention to what could happen.

Or, how to prevent and prepare for it.

China has targets set

The People’s Republic of China (PRC) already has American critical infrastructure and cybersecurity systems targeted for attack, and why might they hit them?

A cyber attack is deemed by many national security experts as one of the most likely actions from China should the PRC and United States enter into conflict over Taiwan. China also is not the only state actor with cyber-attack capabilities.

Consider what Coker earlier told a special congressional hearing in January:

“The threat PRC-sponsored cyber actor, ‘Volt Typhoon,’ as it has been named by a private sector partner, has conducted cyber operations focused not on financial gain, espionage or understanding state secrets, but on developing deep access into critical infrastructure networks to put them at risk.

“If Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations, leveraging accesses like those developed by Volt Typhoon, against U.S. critical infrastructure and military assets.

“Such a strike would be designed to deter U.S. military action by impeding U.S. decision-making, interfering with the deployment of U.S. forces, and challenging our ability to project power in the region. Such a strike could also impact the American public and the services they rely on every day.”

Yes, cyber attacks could do all of that.

Yes, cybersecurity if taken seriously, funded properly and led across all spectrums by leadership giving the forward-march command, could help us survive the storm.

Not prevent it, but survive and overcome it, and that is where Coker’s talk last week with McCrary Institute senior fellows and other invited guests conjures up the measure of accountability we all should be talking about, from kitchen table to Oval Office.

‘An unacceptable risk’

Implementation plans in the nation’s cyber defense are progressing in a positive manner, with more to come as new priorities and partnerships are taking shape, Coker said, but “the threats we face remain daunting.”

“Our defenses are not impregnable. Aspiring just to manage the worst effects of cyber incidents is insufficient. Our work must continue to evolve to meet the changing landscape,” and that includes defense against a massive attack by state actors such as China, or common criminals, he said.

He referenced China’s threat to U.S. infrastructure and the American public as “an unacceptable risk,” and he shared warnings for Americans living in cyber apathy.

“I’ve been concerned about the awareness of the American public to the magnitude and the significance of the threat, and the potential damage… to our everyday way of life,” Coker said.

How to address that lack of public awareness was not discussed in Coker’s McCrary remarks, and nor was the wide-open debate about why American assets in space should be considered in the list of critical infrastructure sectors getting top cybersecurity attention.

That latter discussion is occurring, however, in other circles, such as in Huntsville, Alabama, where the pulse of the nation’s space and missile assets resonates every day and where cybersecurity has become an integral part of all new rocketry development.

Coker, however, had plenty to talk about aside from those considerations, and it included President Biden seeking additional funding across the board for improved cybersecurity in most of the country’s most important Sector Risk Management Agencies, or SRMAs.

For example:

“The Department of Health and Human Services request has a $12 million increase for the cybersecurity capacity of the Administration for Strategic Preparedness and Response,” Coker said.

“The Environmental Protection Agency requested $25 million in additional SRMA capacity as well as $25 million for its first ever dedicated cyber grant for water utilities.

“The United States Department of Agriculture doubled its SRMA funding request.

“These appropriations will be vital to continue implementation” of the nation’s top cybersecurity strategy, Coker said. “And we are now looking to our partners in Congress to, having kicked off conversations on SRMA responsibilities, fund them. This is what coherence looks like.”

Additionally, he added:

“In the health care and public health sector, HHS will implement their cybersecurity strategy, develop baseline standards for hospitals, and work with Congress to deliver aid to small, rural and critical access care facilities.

“In the water and wastewater systems sector, the EPA will bring more technical assistance to the public water systems that not only keep our taps flowing, but also provide critical coolant for everything from power plants to data centers.

“And, in support of the water sector, USDA will invest in its Rural Water Circuit Rider Program to fully integrate cybersecurity offerings for vulnerable utilities.”

Auburn’s McCrary Institute

Measurables implemented in the plans are a good thing, McCrary Institute director Frank Cilluffo interjected during a follow-up fireside chat with Coker.

“What gets measured, gets done,” he said, expressing support for the benchmarks and goals Coker shared in his talk.

Frank Cilluffo

Coker covered several other topics during the McCrary event, including concern about cyber bad actors recruiting juveniles to do their dirty work.

“It is terrifying to think of our children being used to commit crimes,” he said, adding that more needs to be done to entice younger generations to become interested in cybersecurity as a positive option. “We need to give kids a path to move away from these criminals.”

Thousands of jobs continue to remain vacant across the cybersecurity domain in the United States, one of the reasons Coker cited for his support and appreciation of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, for which he serves as a senior fellow.

The institute also is tied to Auburn’s Samuel Ginn College of Engineering, and Auburn is among those producing tomorrow’s cybersecurity experts so desperately needed in almost every spectrum of American society, including its economy, military, academia and government.

An example of the government-academia connection is the recent announcement of McCrary Institute landing a $10 million Department of Energy grant in partnership with Oak Ridge National Laboratory. The two entities will team to create a pilot regional cybersecurity research and operations center to protect the electric power grid against cyberattacks.

The total value of the project, according to the DOE, is $12.5 million, with the additional $2.5 million coming from Auburn University and other strategic partners, of which many could have a vested stake in seeing power grids well protected. One such supporter is McCrary Institute’s major financial backer, Alabama Power Co., which is affiliated with utility giant Southern Company, and thus the extension of cooperation to government-academia-commercial.

Heed the warning

Other touch points mentioned by Coker included protection of the nation’s supply chain, and the dramatic infusion of artificial intelligence into an entirely new frontier of cyber development.

Regarding AI, “I don’t know if there’s ever been such a significant advance in technology available to the public,” Coker told the McCrary audience.

The list of accomplishments in moving federal agencies the right direction with cybersecurity was encouraging to hear from Coker.

The list of still-to-dos, however, remains as long or longer, and as Coker warned, unprepared Americans could see what to them is an invisible danger become a physical impact very quickly if a major cyber attack comes.

The message there: It would be wise to plan accordingly.

Troy Turner is the editor-in-chief and senior consultant for AlaDefense.com, a strategic communications firm with national interests and the host of an Alabama-centric military and defense industry website. He can be contacted at [email protected].

For more information:

CISA: https://www.cisa.gov/ and scroll down to explore areas/defenses of most concern, whether home or business.

McCrary Institute: https://eng.auburn.edu/mccrary/

OTHER STORIES OF INTEREST: