Nation-states and their proxies, transnational criminal organizations, and cyber criminals use sophisticated and malicious tactics to undermine critical infrastructure, steal intellectual property and innovation, engage in espionage, and threaten our democratic institutions. By 2021, cybercrime damages are likely to exceed $6 trillion per year. Moreover, the interconnectivity of critical infrastructure systems raises the possibility of cyber attacks that cause devastating kinetic and non-kinetic effects. As innovation, hyper-connectivity, and digital dependencies all outpace cybersecurity defenses, the warning signs are all present for a potential “cyber 9/11” on the horizon.
Critical infrastructure provides the services that are the backbone of our national and economic security and the health and well-being of all Americans. Cybersecurity threats to critical infrastructure are one of the most significant strategic risks for the United States, threatening our national security, economic prosperity, and public health and safety. In particular, nation-states are targeting critical infrastructure to collect information and gain access to industrial control systems in the energy, nuclear, water, aviation, and critical manufacturing sectors. Additionally, sophisticated nation-state attacks against government and private-sector organizations, critical infrastructure providers, and Internet service providers support espionage, extract intellectual property, maintain persistent access on networks, and potentially lay a foundation for future offensive operations.
Cybersecurity for the Space Domain
National space assets and operations are critical to the security and economic well-being of the United States. Commercial Space is an increasingly important part of space operations and provide support to other sectors within our critical infrastructure. Space is an inherently harsh environment for operations and space systems are subjected to cybersecurity threats and vulnerabilities. As space becomes a more important to our critical infrastructure, the impact of a cyber attack and the corresponding risk increases. The risk to commercial space operations needs to be understood and managed alongside other risks to ensure safe and successful operations. The NIST Cybersecurity Framework (CSF) has informed the work within this domain at the NCCoE and beyond through interagency agreements (IAA) with our federal partners.