{"id":6857,"date":"2018-05-16T09:06:15","date_gmt":"2018-05-16T13:06:15","guid":{"rendered":"https:\/\/aecom.com\/blog\/?p=6857"},"modified":"2018-05-16T09:06:15","modified_gmt":"2018-05-16T13:06:15","slug":"concept-completion-new-normal-cybersecurity","status":"publish","type":"post","link":"https:\/\/aecom.com\/blog\/concept-completion-new-normal-cybersecurity\/","title":{"rendered":"From concept to completion \u2014 the new normal for cybersecurity"},"content":{"rendered":"<p><strong>It\u2019s no secret that hackers regularly seek intellectual property and sensitive data for financial gain. You can\u2019t scan your newsfeed these days without at least one cybercrime headline.<\/strong><\/p>\n<p>Critical infrastructure has already proven to be in the crosshairs, with attacks on power grids and financial systems. From water treatment plants to power grids to mass transit systems, our society depends on the security and resilience of our infrastructure to keep us safe and productive, and attackers know this.<\/p>\n<p>However, protecting critical infrastructure is complicated. The responsibility for protection is shared between private companies and the government entities that commission society&#8217;s infrastructure. Federal agencies need visibility and access to malware and attack information on private networks; without it, they are missing a piece of the puzzle. Private companies need intelligence information and context from the government that helps them differentiate what is significant from the noise. Partnership between government and private companies is essential, yet sometimes presents a bigger challenge than the adversaries themselves.<\/p>\n<p>The need for collaboration is clear, but the execution often fails due to a historic lack of trust and ability to share sensitive information between the public and private sectors. Declassification of key cyber-threat indicators, so that they can be shared with owners and operators of critical infrastructure in a timely manner, is imperative. But as necessary as it may be, it isn\u2019t an easy task when our national security relies on restricting the flow of sensitive information.<\/p>\n<p>And it goes both ways\u2026 Concerns about the ramifications of a security incident for example \u2014 either reputational or legal \u2014 leave organizations reluctant to share with each other, as well as with the government. While it may seem like a good idea to make an example of companies that are breached, there can be the unintended consequence of companies withholding useful information to avoid such risks.<\/p>\n<p>We\u2019re also faced with the challenge of trying to protect antiquated infrastructure and its supporting technology \u2014 not designed with security in mind \u2014 making it cost-prohibitive or impossible to defend.<\/p>\n<p>We must build, or in some cases rebuild, critical infrastructure with security and resilience in mind, from conception to completion. We can no longer afford to think of security as an optional line item or an add-on feature. AECOM\u2019s <a href=\"https:\/\/aecom.com\/services\/converged-resilience\/\">Converged Resilience<\/a>\u2122 approach, providing integrated, holistic solutions to avoid and absorb threats is an example of the thought leadership the industry needs today. The concept of \u201cengineering-in\u201d safeguards must become the new normal.<\/p>\n<p>With an abundance of related standards, frameworks and legislation, the industry has spent a great deal of resources focusing on compliance. The end result is \u201ccompliant\u201d systems that simply aren\u2019t secure. Not only does compliance not equate to security, but it can often create a false sense of security. We must pivot away from mandating and legislating, and move toward measuring security effectiveness.<\/p>\n<p>For Infrastructure Week, I will join fellow security industry colleagues on May 17 to discuss these issues at a Bloomberg Live discussion: \u201c<a href=\"http:\/\/infrastructureweek.org\/event\/future-of-cyber\/\" target=\"_blank\" rel=\"noopener\">The Future of Cybersecurity: Risk and Resiliency Across Critical Infrastructure<\/a>.\u201d If you\u2019re interested in learning more, register via the Infrastructure Week Calendar: <a href=\"http:\/\/infrastructureweek.org\/event\/future-of-cyber\/\" target=\"_blank\" rel=\"noopener\">http:\/\/infrastructureweek.org\/event\/future-of-cyber\/<\/a><\/p>\n<p><strong>This blog post is part of a series covering critical infrastructure-related topics in the lead up to and during <a href=\"http:\/\/infrastructureweek.org\/\" target=\"_blank\" rel=\"noopener\">Infrastructure Week<\/a> and this year\u2019s theme <a href=\"https:\/\/twitter.com\/search?f=tweets&amp;vertical=news&amp;q=%23timetobuild&amp;src=typd&amp;lang=en\" target=\"_blank\" rel=\"noopener\">#TimeToBuild<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s no secret that hackers regularly seek intellectual property and sensitive data for financial gain. You can\u2019t scan your newsfeed these days without at least one cybercrime headline. Critical infrastructure has already proven to be in the crosshairs, with attacks on power grids and financial systems. From water treatment plants to power grids to mass [&hellip;]<\/p>\n","protected":false},"author":452,"featured_media":6859,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"yst_prominent_words":[3652,803,406,3635,629,1114,454,1420,359,3653,621,3647,1643,3644,354,2413,3645,3648,3646,614],"class_list":["post-6857","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"acf":[],"_links":{"self":[{"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/posts\/6857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/users\/452"}],"replies":[{"embeddable":true,"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/comments?post=6857"}],"version-history":[{"count":0,"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/posts\/6857\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/media\/6859"}],"wp:attachment":[{"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/media?parent=6857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/categories?post=6857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/tags?post=6857"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/aecom.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=6857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}