Enemies are situating themselves within the cyber operations of U.S. infrastructure sites with the potential of striking at any time, warned Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency (CISA).

“We know sophisticated nation-states are pre-positioning inside of our critical infrastructure to conduct attacks at a time and place of their choosing,” Wales said at a recent Northeastern event. He said such attacks would come with the likely intention of trying to “dissuade us from engaging in geopolitical situations—a Chinese invasion of Taiwan or potentially further aggressive escalation from Russia.”

The ongoing attacks by Russia on Ukrainian infrastructure are essentially revealing the adversary’s playbook, said Wales.

The best way to counteract those efforts is to develop a new security web of U.S. government agencies and private industries to collaborate on cybersecurity—while also encouraging college students to make careers in the field, explained Wales and a panel of experts.

Representing a variety of perspectives, they laid out the organizational difficulties and worrisome threats from nations and private hackers that are seeking to disrupt U.S. systems. The event, “Next Steps for Critical Infrastructure & Cyber Security: A Conversation with CISA Executive Director Brandon Wales,” was held at Northeastern’s Innovation Campus in Burlington, Massachusetts, with an additional audience following the discussion online.

Creating collaborations is crucial, Wales said.

“We’re putting more burden on, in some cases, entities that are least capable: How much can you ask a municipal water system to deal with a sophisticated nation-state attack threat that is trying to get inside of their networks?” Wales said. “Municipal governments are operating some of our most essential critical infrastructure—power systems in a number of cases, water systems, public health systems, emergency management systems—and are the least capable of executing it.”

The CISA was formed in 2018 with the wide-ranging mission of strengthening U.S. cybersecurity and creating greater cooperation among and within the states. It operates within the Department of Homeland Security, which was created following the terrorist attacks of Sept. 11, 2001. 

Extreme weather events driven by climate change—including hurricanes, wildfires, heat waves and droughts—are adding to the challenges, said Jason Tama, senior director at the National Security Council. 

“They are a reminder to us all that we must do more to strengthen our infrastructure, services and communities,” said Tama, who provided opening remarks from the White House.

One of CISA’s priorities has been to organize new coalitions for cybersecurity within the U.S., said Wales, who referred to deterrence as an important aspect of defense.

“[If] the adversary knows you’re strong in places, that’s not where they’re going to attack,” Wales said.

The lifeline infrastructures of power, communications, transportation and water tend to be run by different entities that may not be in communication with each other, noted Stephen Flynn, founding director of Northeastern’s Global Resilience Institute. 

“Which of these lifeline infrastructures does the mayor of Boston control?” said Flynn, the event moderator, in providing an example of the dearth of comprehensive oversight. “There’s only one, it turns out: waste water.”

Stephanie Helm, director of the MassCyberCenter at the Massachusetts Technology Collaborative, said she was kept awake at night by the disconnect between the cities and towns throughout the state.

“If there should be a large event of some sort, would we be able to effectively coordinate between the 351 municipalities that we have?” Helm said. “So it’s a little bit about not knowing the threat, and then our response preparation.”

And yet gains are being made throughout New England beyond, the experts noted. In New Hampshire, a consolidated operations center was created after the Sept. 11 attacks.

“Many times, after any type of emergency or national disaster, the biggest challenges are often communications, coordination and situational awareness,” said Don Bliss, former director of Homeland Security and Emergency Management for New Hampshire, noting that the center brings together a variety of agencies. “Whether it’s roads closed, crashes, a flooding situation, they’re able to react very quickly and in a very coordinated way.”

The experts cited the need to recruit young talent to careers in cybersecurity.

“Everybody that’s in here or online has skin in the game,” Joel Carse, deputy commander of the U.S. Coast Guard sector Boston, told the audience. “We’ve got to get better at drawing people in. You may want to be an engineer or a lawyer or something else, but there’s relevance in this.”

“Cybersecurity, it has everything—artificial intelligence, critical infrastructure and climate resiliency,” added Dennis McDermitt, chief information security officer for National Grid. “Whatever you’re interested in, you’ll find it, and you’ll be able to solve hard problems in a very active way.”

For media inquiries, please contact media@northeastern.edu.