This publication and the abstract below was published by Gibson, Dunn & Crutcher LLP in December 2017 . ICIT strongly encourages you to visit the Gibson, Dunn & Crutcher LLP Publication Library to search for additional information security resources which are freely available.
Cybersecurity & Critical Infrastructure By Melinda R. Biancuzzo
Nation-states are increasingly using cyber as an offensive tool to collect business information that will enhance their competitive standing and military and diplomatic information to gain an advantage in negotiations or strategic decisions.1 Targets range from government institutions, to industrial facilities, and to private businesses. Nation-state hacking techniques run the gamut, from sophisticated malware tools to simpler, off-the-shelf tools. In many attacks, however, the common element is the exploitation of human individuals within an organization. This is often referred to as an “insider threat,” which is broadly defined to include both intentional actions (e.g., Edward Snowden) and unintentional actions, such as improper or accidental disposal of physical records (e.g., failing to shred a document with your network login information and password), falling victim to a phishing email attack, or losing your laptop or other data storage device. As insiders tend to be the path of least resistance for cyber attacks, government contractors are in the cross-hairs regardless of whether they are operating the government’s information technology (IT) networks or simply have access to sensitive information. Those operating in one or more of the nation’s “critical infrastructure” face an even greater risk. This BRIEFING PAPER explores critical infrastructure cybersecurity specific to the U.S. Defense Industrial Base (DIB).