As temperatures rise outside these last few weeks of summer, the heat on cybersecurity initiatives is also being turned up. One sector feeling it – pipelines. A year after introducing new requirements for pipeline operators, the Transportation Security Administration (TSA) has put out an updated set of standards with a keen focus on assessment. While the previous guidelines, which were presented in the wake of the Colonial Pipeline debacle, emphasized plan development, TSA administrator David Pekoske explained that facilities now must put those plans to the test. Other requirements, such as reporting and identifying roles, remain in place.
New Cybersecurity Updates: NIST Framework
But it isn’t just the TSA doubling down on cybersecurity. The National Institute of Standards (NIST) and Technology is expanding on its own outline as well. As covered by FedScoop, NIST recently released an updated version of its Cybersecurity Framework 2.0, which it built around feedback gathered from various industry players. The goal of the revamp is to provide further direction for all organizations on top of critical infrastructure enterprises. “The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments. We want to make sure that it is a tool that’s useful to all sectors, not just those designated as critical,” stated the chief creator behind the framework, Cherilyn Pascoe.
The enhancements are looking to take the evolving threat landscape into consideration as well. For instance, it offers additional info on ransomware and supply chain risks. It also features a sixth function the previous five that it already highlighted. On top of “identify, protect, detect, respond, [and] recover,” the action strategy now includes “govern.” According to ExecutiveGov, this version of the Cybersecurity Framework is open to public comment through November. 4.
The AI Cybersecurity Challenge
Meanwhile, the White House has unveiled yet another cybersecurity initiative. This time, it’s focus is on AI. The impact of artificial intelligence is undeniable, so the White House is attempting to harness it to improve the nation’s cybersecurity prowess. The Defense Advanced Research Projects Agency (DARPA) has been tapped to run what has been dubbed the “AI Cyber Challenge,” a competition that will award around $20 million to companies that come up with game-changing AI-driven cybersecurity solutions.
The challenge is set to run for two years and is primarily centered around software vulnerabilities. Ultimately, it aims to determine the best ways in which AI can be integrated to protect critical infrastructure systems such as electric grids. With input from companies such as Google LLC and Microsoft Corp., the competition will take place at the DEF CON 2024 cybersecurity conference.
Sources:
- “TSA Updates Pipeline Cybersecurity Requirements” – Dark Reading Staff, Dark Reading
https://www.darkreading.com/ics-ot/tsa-updates-pipeline-cybersecurity-requirements - “NIST publishes expanded draft of key cybersecurity framework” – John Hewitt Jones, FedScoop
https://fedscoop.com/nist-publishes-expanded-draft-of-key-cybersecurity-framework/ - “NIST Opens Public Comment Period for Cybersecurity Framework Update” – Jamie Bennet, ExecutiveGov
https://executivegov.com/2023/08/nist-opens-public-comment-for-draft-of-cybersecurity-framework-2-0/ - “White House to Award $20 Million for AI Cybersecurity Tools” – Terry Lane, Investopedia
https://www.investopedia.com/white-house-to-promote-ai-tech-in-cybersecurity-tools-7574523 - “White House launches contest to improve critical infrastructure cybersecurity with AI” – Maria Deutscher, SiliconANGLE
https://siliconangle.com/2023/08/09/white-house-launches-contest-improve-critical-infrastructure-cybersecurity-ai/
