After the Inevitable: Response and Recovery from Catastrophic Cyber Attacks on US Critical Infrastructure

About the Topic: U.S. government leaders are making extraordinary efforts to prevent and protect against cyber-attacks on critical infrastructure.  Plans for responding to and recovering from such attacks receive far less attention and are deeply flawed -- especially for catastrophic events when effective plans will be most vital.  Given the rapid growth of cyber threats to the power grid and other critical infrastructure, we should not only continue to strengthen prevention and protection measures, but also assume that a catastrophic cyber-attack will occur and ramp up U.S. response plans and capabilities accordingly. I will argue that the Interim National Cyber Incident Response Plan (which governs the U.S. cyber response system) should be replaced by a plan that is better aligned with industry needs and with “traditional” U.S. disaster response plans, especially the National Response Framework. I will also propose how to structure cyber response planning to maximize “deterrence by denial” and reduce the potential attractiveness of attacking U.S. critical infrastructure for state and non-state adversaries. 

About the Speaker: Paul N. Stockton is Managing Director of Sonecon, LLC. Before joining Sonecon, Dr. Stockton served as the Assistant Secretary of Defense for Homeland Defense and Americas’ Security Affairs from June, 2009 until January, 2013.  In that position, helped lead the Department’s response to Superstorm Sandy and other disasters, guided the Defense Critical Infrastructure Protection program, and oversaw policies and programs to secure DOD’s domestic installations and personnel against terrorism. In September, 2013, Secretary of Defense Chuck Hagel appointed Dr. Stockton to co-chair the Independent Review of the Washington Navy Yard Shootings, which recommended major changes to the Department’s security clearance system that are now being implemented.  Dr. Stockton’s recent publications include articles on cyber security in the Yale Law and Policy Review and other journals. Dr. Stockton holds a Ph.D. from Harvard University and a BA Summa Cum Laude from Dartmouth College.