HSNW conversation with Bryan WareSecuring critical infrastructure: portfolio based approach
Bryan Ware, the CEO and co-founder of Digital Sandbox, a firm that provides risk analysis and management software and services to the private and public sectors, was recently interviewed by Homeland Security NewsWire’s executive editor Eugene Chow; Ware discusses a portfolio based approach to securing critical infrastructure, what the government can do better to protect critical assets, and the dangers of taking a “Whack-a-Mole” tactic with national security threats
Homeland Security NewsWire: To start off with a broader question, what is the state of preparedness of our national critical infrastructure? Do the bulk of our nation’s critical infrastructure operators have plans in place in the event of a large natural disaster or attack?
Bryan Ware: I think that critical infrastructure providers do have plans, but these plans are more in their business interest and may not necessarily be in the national security interest. Sometimes it may be obvious when the two interests are aligned, but I do not think that is the case all the time.
HSNW: The private sector controls the majority of critical infrastructure – electrical grids, financial markets, nuclear reactors – is there buy-in and support for the government’s efforts to secure these resources from the private sector? Are they making moves independently or does the government need to do more to partner and incentivize them?
BW: I think the government definitely needs to do more, but I think the hard part is figuring out what the government should do and can do. Traditionally, or at least to date, the word partnering is thrown around a lot. I do not think we have arrived at any kind of meaningful partnership in many of the critical infrastructure sectors.
Incentivizing behavior is the direction I would like to see things go, but in general, of the threats and risks to critical infrastructure that we are concerned about, some of them are easy to see while others are hard to prove. The more emerging those threats or risks may be, the harder it is to build a business case. This is where the government needs to be able to provide incentives to help those critical infrastructure providers to develop that business case.
HSNW: To delve a bit deeper into that, the National Infrastructure Protection Plan (NIPP) heavily emphasizes partnering with the private sector. Is the government a good partner? What can they do to be better a partner for the private sector?
BWIn terms of what the government can really do, I would like to see more effective ways for information to be provided to critical infrastructure owners and operators. I would also like to see management from a portfolio standpoint where we can collaborate overall on the systems of assets. Finally, I would like to see DHS provide tools that the owners and operators could actually use to manage their risks.
HSNW: What kinds of tools
