The Media as Critical Infrastructure
Protecting Integrity, Availability of News Reports, Tweets
Should the news media - nytimes.com, Twitter, YouTube and the like - be considered part of the nation's critical infrastructure?
The Department of Homeland Security defines critical infrastructure as the backbone of our nation's economy, security and health: "Critical infrastructure are the assets, systems and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety or any combination thereof."
Would the incapacitation of mainstream and alternative media outlets as well as social media websites have a debilitating effect on the nation's wellbeing? Indeed, it would.
In some respects, the media are already covered as critical infrastructure, or at least the way their content is delivered is. According to the Communications Sector-Specific Plan of the National Infrastructure Protection Plan, the federal government considers the wire-line, wireless, satellite, cable and broadcasting capabilities, which include the transport networks that support the Internet and other key information systems, as critical infrastructure.
But that's the technology, not the content that flows through the communications networks. And developing a cybersecurity framework that only safeguards the transport mechanism isn't 21st century thinking.
Pillars of Information Security
The three pillars of information security are confidentiality, integrity and availability. Events of the past week raise questions about the integrity and availability of the data from media sites.
Some security experts say the attack on the domain registrar for nytimes.com and Twitter, which disrupted services to those websites, could have been a diversionary action, one in which the attackers could have created a watering hole leading readers to spoofed websites [see Times, Twitter Attacks Raise New Alarms].
When a visitor clicks on nytimes.com, expectations are that the content the reader receives is from The New York Times. If we lose trust in the integrity of the content, it could have terrible repercussions on our economy and society.
In April, hackers breaking into AP's Twitter account posted: "Breaking: Two Explosions in the White House and Barack Obama is injured." Moments later, the Dow industrial average plunged 143 points [see Social Media Needs 2-Factor Authentication]. Imagine the damage that would occur to our economy and society if that type of corruption of data occurred regularly.
We treat postings from mainstream and alternative media outlets as authentic, even if we question the veracity of the reporting and writing. You may not agree with the content of a report from MSNBC (too left-wing) or Fox News (too right-wing), but you believe what's presented is authentic information from the correct source.
Treating media content as part of the critical infrastructure would enhance press freedoms, a precious asset worth protecting. Adhering to a common cybersecurity framework being created through a federal government-industry collaboration should not threaten the media's First Amendment rights; acceptance of the framework would be voluntary [see Cybersecurity Framework: Making It Work].
Media companies should join other critical infrastructure operators in considering adoption of those IT security best practices to protect the welfare of the nation and society.