RSA 2023: Securing the Nation's Critical Infrastructures

As a fellow at the Institute for Critical Infrastructure Technology (ICIT) and co-author of the book Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration, I was honored to be asked to speak at the RSA Conference 2023 in San Francisco on the topic of “Digital Supply Chain Security: What Happens When an Organization's Trusted Solutions Can No Longer Be Trusted?” Many thanks to SafeBreach, who sponsored the event and hosted the reception and book signing afterward.

Joining me were Joyce Hunter and Jerry Davis. Joyce, the accomplished executive director of ICIT, was appointed by President Barack Obama as the deputy Chief Information Officer for policy and planning at the Department of Agriculture; she served as both co-author and moderator. Jerry is a distinguished cybersecurity expert with a wealth of experience in the public and private sectors. He has held key positions at the U.S. Department of Veterans Affairs (VA) and NASA, focusing on cybersecurity in transportation, both ground and space-based, and as a fellow at ICIT he shared his expertise on these topics. The format was a fireside chat, with thought-provoking questions expertly moderated by Joyce.

Together, we discussed the following:

  • The current state of digital supply chain security
  • The importance of supply chain integrity to cybersecurity, national security, and critical infrastructure
  • The impact of cybersecurity on agriculture and transportation
  • The challenges involved in securing the supply chain, and some specific examples of supply chain attacks
  • Recommendations for the future, including national responsibility and how government can engage

One of the key aspects of supply chain attacks is their ability to compromise systems on a large scale. For example, the recent multi-level supply chain attack on 3CX demonstrated how one compromised vendor could be leveraged to infiltrate the next vendor in the chain. While supply chains are often perceived as linear, they are, in reality, complex webs of interconnected products and services.

Supply chain attacks fundamentally undermine trust: the targeted organizations inherently trust their vendors and grant them access to sensitive systems or information. These attacks exploit that trust, causing damage even while the organization believes it is dealing with a trusted supplier.

It was fantastic to connect with Joyce and Jerry at the RSA Conference 2023, and I thoroughly enjoyed the conversations we had both before and after the speaking event.

About ICIT

The Institute for Critical Infrastructure Technology (ICIT) is the nation’s leading 501(c)3 cybersecurity think tank, providing objective, nonpartisan research, advisory, and education to legislative, commercial, and public-sector stakeholders. Its mission is to cultivate a cybersecurity renaissance that will improve the resiliency of our Nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower current and future generations of cybersecurity leaders. ICIT programs, research, and initiatives support cybersecurity leaders and practitioners across all 16 critical infrastructure sectors and can be leveraged by anyone seeking to better understand cyber risk, including policymakers, academics, and members of the business community. ICIT’s support extends to any organization, regardless of size, that is impacted by digital threats.

About the book

Securing the Nation’s Critical Infrastructures: A Guide for the 2021–2025 Administration is intended to help the United States executive administration, legislators, and critical infrastructure decision-makers prioritize cybersecurity, combat emerging threats, craft meaningful policy, embrace modernization, and critically evaluate nascent technologies. The book is divided into 18 chapters. Each chapter focuses on one of the critical infrastructure sectors identified in the 2013 National Infrastructure Protection Plan (NIPP), or on election security or the security of local and state government.

Why the Book Was Written

Major cybersecurity incidents involving public sector systems occur with jarring frequency; however, instead of increasing vigilance against the threats posed to our vital systems, the nation has become desensitized and demoralized.

This publication was developed to deconstruct the normalization of cybersecurity inadequacies in our critical infrastructure. We examine some of the historical disconnect between cybersecurity and its impact on national security, which has led to gaps in safeguarding our critical infrastructures. It was important for us to capture a holistic and comprehensive outlook on each critical infrastructure. To this end, each chapter includes a foreword that introduces the sector, followed by perspective essays from one or more reputable thought leaders in that space, on topics such as:

  • The State of the Sector (challenges, threats, etc.)
  • Emerging Areas for Innovation
  • Recommendations for the Future (2021–2025) Cybersecurity Landscape

While the current gaps in cybersecurity may seem overwhelming, the book also aims to make the challenge of improving our cybersecurity health and national security posture less daunting, and to pave a tangible way forward.

Pete
Pete Slade
May 1, 2023