How do you describe your job to average people?
My job is to coordinate efforts between the government and the private sector, assisting asset owners and operators in the protection of the industrial control systems (ICS) within our nation's critical infrastructure.
Why did you get into cyber security?
Over the years friends hounded me to “get into security.” It sounds like a cliché, but after 9/11, I started to think, “Wow, if this can happen, then maybe I should look at security more seriously.” That, and a lifelong hacker-type mindset.
What was one of your biggest challenges?
Aged critical infrastructure, the majority of which is owned by the private sector, that wasn't designed for the wireless high-tech world is one of my biggest challenges. We address ICS security in an environment where analog systems are directly tied to cutting-edge technology, so it's a moving target. It is a challenge to understand the threat and be able to mitigate any risk associated with it.
What keeps you awake?
It's the emerging and evolving cyber security threats that could be waged against critical infrastructure. I am concerned about the potential impacts of a cyber attack and the potential cost to our country. Cyber domains remain vulnerable to a variety of incidents, and my team is always coming up with ways to mitigate the risks associated with these vulnerabilities.
Of what are you most proud?
I am proud of my dedicated and talented team that is called upon to protect the nation's critical infrastructure. Our team has developed dynamic public/private partnerships, as well as valuable relationships with asset owners and other government agencies.
Marty Edwards is director of the ICS-CERT, an element of the National Cybersecurity and Communications Integration Center within the DHS's Office of Cybersecurity and Communications (CS&C).