July 27, 2022

Last Updated on January 19, 2024

The Cyberspace Solarium Commission (CSC)’s final report made 80-plus recommendations on “defending the United States in cyberspace against cyber attacks of significant consequences.” One of the key areas of focus for these recommendations was resilience and continuity for our national economy—the concept of “continuity of the economy planning” to help the nation recover from a large-scale, nation-state level cyber attack.

What continuity of the economy planning is in place or in the works? And how might it help your organization?

To share some of the many accomplishments of the Cyberspace Solarium Commission and its many public and private sector supporters, a recent episode of The Virtual CISO Podcast features Mark Montgomery, former CSC Executive Director and now Senior Fellow at the Foundation for Defense of Democracies. Hosting the show is John Verry, Pivot Point Security CISO and Managing Partner.

Why plan for economic continuity?

If there is a significant attack on the US, cyber or otherwise, plans have long been in place to ensure continuity of government operations. But how do you recover the US economy itself? Everything from stock and commodity exchanges to your local bank where you keep the money you use to buy food?

From power generation to rail transportation to water utilities to supply chain companies, all our critical infrastructure is interrelated. Figuring out what to prioritize to keep the massive US economy operational is no easy feat.

Yet the matter is urgent as we are already engaged in cyber warfare against multiple adversaries, which are using cyber attacks to undermine our economy and our military advantage. Our critical infrastructure organizations, mostly private companies, are on the front lines of this battleground.

Looking beyond blankets

Surely it’s already some federal agency’s job to jumpstart the economy post cyber apocalypse. What about the Federal Emergency Management Agency (FEMA)?

“A lot of people just say, ‘Don’t worry, FEMA does that,’” Mark relates. “And they absolutely do—for a storm that hits one state. Except they’re not recovering the economy. They’re recovering public health and safety. They get water, tents and food down there, they get diesel generators up to the hospitals. But when the northeast power grid goes down… we need the federal government to run a prioritized restoration of our infrastructure to ensure that we can rapidly restore our economic vitality.”

As Mark explains, restoring power across an entire region won’t be democratic: “When you think about the northeast, returning the exchanges that are run out of New York City… you have to bring them back. Which means you have to integrate the telecom, power and water coming back so those services can get back online in just a day or two. Because every day they’re down, you’re going to lose maybe $100 billion or more in lost GDP opportunity. That adds up fast and then you lose your credibility for running these exchanges, when international competitors want to run some of them.”

“I think it’s very important that we have a plan for how we restore ourselves,” adds Mark. “Not just the electrical power grid, but the whole integrated structure. That’s called continuity of the economy planning.”

What’s next?

To hear the complete episode with former Cyberspace Solarium Commission Executive Director Mark Montgomery, click here.

What is the Biden administration doing about cybersecurity? This podcast covers the sweeping “cyber executive order”: EP#58 – Scott Sarris – The Cybersecurity Executive Order: What You Need to Know
