Title: National-Tribal Critical Infrastructure Protection: Collaboration for Extraordinary National Security Benefit

This paper examines national and tribal collaborative opportunities to get ahead of the critical infrastructure insecurity problem. Recommendations are viewed through the lens of the Sandia Labs Tribal Cyber-Energy initiative and national security projects. Recommendations include 1) Collaboratively address national priority and shared challenges to gain faster and better solutions to national priority problems on a smaller yet comprehensive American Indian and Alaskan Native sovereign single-point of authority scale 2) Utilize newer standards-based technologies to provide scalable, capable, and manageable solutions for greatly expanded and connected national critical infrastructures 3) Employ Cyber-Physical-Resilient design preliminary analysis to define concept- to-disposition design requirements for preemptive critical infrastructure risk mitigation and baked-in security; 4) Develop data-centric protection to provide increased information asset protection as data shifts from data-owner operated on-premises infrastructure to virtual service provider data-steward owned and operated off-premises infrastructure; and 5) Balance shared solutions with the National Institute of Science and Technology (NIST) Cybersecurity and Risk Management frameworks, and the System Security Engineering Guidelines. As yet unallocated federal funding would support research, development, the timely application of National-Tribal critical infrastructure protection, and critical infrastructure Cyber disruption response and recovery with extraordinary mutual benefits for the foreseeable future. The Critical Infrastructure Insecurity Problem: Rapid modernization and expansive connectivity are due to advances in Information and Communications Technologies that have sweeping cyber impact across all critical infrastructure sectors. Supervisory Control and Data Acquisition and Industrial Control Systems are particularly impacted as systems long separated from the Internet are now being connected and computerized. Virtualization and mobility create a Data Everywhere-User Anywhere paradigm that has evaporated the enterprise network perimeter. There are multi-front technological challenges at play, where long depended on technologies simply don't scale to current needs resulting in a digital dichotomy of competing old and new standards. New standards-based technologies scale but are not as well-known or as widely deployed, which leaves decision makers, stakeholders, and the workforce in a quandary, caught mid-stream between the technological past and the virtual future. Rapid and expansive cyber threat accompanies disruptive change in connectivity and computational dependencies. A lack of action will exacerbate the problem if new technologies roll out without baked-in security design. The Risk: If National-Tribal CIP collaboration to design in security is not done, then an ongoing state of insufficient bolt-on security and elevated threat exposure will remain for years to come.