discussion about the
Critical infrastructures are the “physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety (CISA, n.d.).” The types of critical infrastructures range from power plants, hospitals, Internet and communication networks, water supply systems, and food distribution. Individual critical infrastructures are divided by 16 individual sectors by the U.S. government and number in the thousands. Approximately 85% of these critical infrastructures are owned by the private sector. Currently the U.S. government only partners with private industrial cooperatives and other guiding agencies to ensure cyber-security awareness and make technical suggestions regarding the protection against cyber-attack. However, recent ransomware attacks on the private companies Colonial Pipeline and JBS meat supply have caused supply problems in parts of the U.S. and these attacks have underscored how vulnerable these critical infrastructures are to the most basic types of cyber-attack assaults. If you are not familiar with recent or current cyber-attacks, I would encourage you to research the Colonial Pipeline and JBS attacks, or any current attack.
Should the federal government mandate certain levels of cyber-security protection for all critical infrastructures by law?
What level of protection should be mandated?
If they did, what problems would you envision with such a massive effort and intrusion into how private companies run their businesses?
Who should pay for costs associated with meeting mandated
standards?
