Federal council to Trump: Cyber threats pose ‘existential threat’ to the nation

The National Infrastructure Advisory Council (NIAC) published a draft report addressed to President Trump this week that found cyber threats to critical infrastructure pose an “existential threat” to national security and recommended “bold action” in response.

The NIAC, which is made up of industry officials and those from state and local governments involved in critical infrastructure, including former National Security Agency Deputy Director Richard Ledgett, strongly urged Trump to take action to protect energy-, communications- and financial-critical infrastructure.

“Mr. President, escalating cyber risks to America’s critical infrastructures present an existential threat to continuity of government, economic stability, social order, and national security,” the NIAC wrote. “U.S. companies find themselves on the front lines of a cyber war they are ill-equipped to win against nation-states intent on disrupting or destroying our critical infrastructure.”

The members wrote in the draft report that “bold action is needed to prevent the dire consequences of a catastrophic cyber attack on energy, communication, and financial infrastructures. The nation is not sufficiently organized to counter the aggressive tactics used by our adversaries to infiltrate, map, deny, disrupt, and destroy sensitive cyber systems in the private sector.”

In order to combat threats, the NIAC recommended that Trump establish a “Critical Infrastructure Command Center” to help share classified threat information between government agencies and companies at risk and to also make it a top priority of the intelligence community to gather and disseminate information on nation-states and other malicious actors trying to target U.S. critical infrastructure.

Beyond these steps, the NIAC urged Trump to issue an executive order to create the “Federal Cybersecurity Commission,” a government entity that would be charged with mitigating potential “catastrophic” cyber risks or attacks on critical infrastructure.

The NIAC zeroed in on threats to the supply chain involved in providing equipment for critical infrastructure systems and recommended that Trump “provide liability protections” to allow for blacklisting of cybersecurity products that may pose a threat to critical infrastructure.

“Incremental steps are no longer sufficient; bold approaches must be taken,” NIAC members wrote to Trump. “Your leadership is needed to provide companies with the intelligence, resources, and legal protection necessary to win this war and avoid the dire consequences of losing it.”

The report was compiled following a request from the National Security Council in September that the NIAC look into how the government and private industry can collaborate on ways to fight back against cyber threats.

The members referenced as evidence of critical threats findings of the annual Worldwide Threat Assessment compiled by the intelligence community and presented by former Director of National Intelligence Daniel Coats to Congress in January.

The report found that China, Iran and Russia have the ability to launch disruptive cyberattacks on U.S. critical infrastructure, including the electric grid, with Coats noting specifically that “Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.”

NIAC members sounded the alarm in the report, writing that “it is not a matter of if, but when, an attack will happen. Our window of opportunity to thwart a cyber 9-11 attack before it happens is closing quickly.”

The report is dated Dec. 12, which is the day the NIAC is scheduled to discuss the draft report. The meeting will also include comments from Christopher Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.