Strengthening the Foundation: The Importance of Resilient Critical Infrastructure Cybersecurity

At the end of May, Reuters reported that Western intelligence agencies and Microsoft had evidence of a state-sponsored Chinese hacking group spying on a collection of U.S. critical infrastructure organizations. On top of that, investigators believe that the group was targeting the island of Guam, a U.S. territory and home to American military bases. In response, the NSA urged critical infrastructure operators to remain alert to any suspicious activity.

This case is just one of the latest examples demonstrating the importance of establishing thorough critical infrastructure cybersecurity practices, which means enhancing OT and ICS cybersecurity. As Info-Tech Research Group put it in a press release, “In the era of automation and industrial digitalization, the modernization of industrial control systems (ICS) is on the rise in the utilities industry. However, there is a lack of comprehensive understanding among information technology (IT) and operational technology (OT) leaders regarding the driving factors behind ICS modernization…”

Basically, we need to keep up with OT and ICS modernization faster than malicious actors in order to protect the essential companies, facilities, and networks that they support. So, what are some new initiatives to come from this pursuit?

CISA Builds Coalition Dedicated to Addressing Remote Access Software

 In a recent post published to its website, the Cybersecurity & Infrastructure Security Agency (CISA) explained that “Remote access software provides organizations with a broad array of capabilities to maintain and improve information technology (IT), operational technology (OT), and industrial control system (ICS) services.” That quality also makes it appealing to cyber criminals. To help entities ward them off, CISA announced that it partnered with the FBI, NSA, Multi-State Information Sharing and Analysis Center, and the Israel National Cyber Directorate to produce the Guide to Securing Remote Access Software. The guide outlines cybersecurity requirements, the type of threats such systems face, best defense practices, and more.

NNSA and the State of Nuclear Cybersecurity

Elsewhere in government land, the U.S. Government Accountability Office (GAO) is reviewing the National Nuclear Security Administration (NNSA)’s approach to cybersecurity. It concludes that NNSA’s strategy for identifying, tracking, and reducing cyber risk is still in “early stages of development.” It’s important that NNSA pick up the pace in its efforts because contractors are transitioning more and more to digitized manufacturing and industrial control processes.

To make matters more complicated, “NNSA has estimated that there could be hundreds of thousands of OT systems at sites across the nuclear security enterprise,” as explained by GAO.

However, NNSA insists that it is furthering tactics to catalog these systems and is in the midst of assembling an OT-specific guidebook.




You Might Also Like...