U.S. government slow to react to cyber attacks.

• Author: Larkins, Tim
• Position: CRITICAL INFRASTRUCTURE

Be afraid. Be very afraid. Your health records are at risk. Your financial information is at risk. All of the systems you rely upon in your daily life are at risk.

Perhaps that sounds a bit alarmist. But to some degree, truth does exist within these statements. Over the past decade, thousands of cyber attacks launched against U.S.-based corporations, colleges and universities, and the government itself have cost the country billions of dollars--and the trust of its citizens to keep them safe.

This is the first in a series of articles looking at critical infrastructure in the United States and exploring the consequences of cyber intrusions.

In the last three years, a slew of attacks against various government agencies have occurred, spilling sensitive information on civilians and government employees alike--such as the Department of Veterans Affairs, Department of Treasury, and most recently, the Office of Personnel and Management. In response, politicians attempted to create laws, policies and guidance to better protect the nation.

As early as 1998, the Clinton administration issued Presidential Decision Directive 63 (PDD-63) which sought to define, and thereby protect, the nation's critical infrastructure. PDD-63 was a seminal policy document which set the stage for the future of critical infrastructure protection.

In 2001, pursuant to PDD-63, the Bush administration's Patriot Act attempted to further define and protect critical infrastructure, including physical and virtual systems and assets which are vital to the health, safety and security of the United States.

As with any piece of policy or legislation, PDD-63 and the Patriot Act found themselves in need of updates, so in February 2013, the Obama administration issued Executive Order 13636 (EO-13636), or the "Cybersecurity Order."

EO-13636 was designed to protect the country from an increased rash of attacks. It sought to strengthen the protection of the country's critical infrastructure by improving cyber threat information sharing between the public and private sectors. It developed a technology neutral cyber security risk management framework. And it aimed to incentivize adoption of standardized cyber security practices. According to EO-13636, critical infrastructure includes the systems that provide citizens with power, water, emergency communications and any other services that are critical to daily life.

Within the United States are scores of antiquated defense systems, plants...