As a company that works at the intersection of cybersecurity and critical infrastructure sectors, an important area we must keep our eyes on is compliance and regulations. With a growing emphasis on keeping systems and networks within our country and beyond safe, there has been an onslaught of policies and other federal and government-driven initiatives introduced. They are telling not only of the standards that need to be exceeded, but also of which industries and challenges still need more attention. Let’s dive into some of the latest.
NIST Cybersecurity Framework 2.0 (CSF)
While we’ve covered NIST’s CSF before, it’s worth bringing up again as we move closer to its implementation in 2024. Security Intelligence recently rounded up what to expect as you prepare for its reality, and the key phrase is risk management. Risk management is one of the main elements of the Biden Administration’s National Cybersecurity Strategy and serves as a leading factor for the pillars that the CSF prioritizes, which include “defend critical infrastructure” and “invest in a resilient future,” among others. The CSF also distinctly features a focus on reducing supply chain security risk, with guidelines on this particular type of management.
The Food and Agriculture Industry Cybersecurity Support Act & The Cybersecurity for Rural Water Systems Act
An emphasis on supply chain safety is seen in another recently introduced proposal. U.S. senators have put forth the Food and Agriculture Industry Cybersecurity Support Act, which would enact the creation of a National Telecommunications and Information Administration hub to help “agricultural producers secure technology, equipment and hardware to protect their operations,” according to Government Technology. In turn, the distribution of their goods would face less potential for disruption due to something like a ransomware attack.
Additionally, they introduced the Cybersecurity for Rural Water Systems Act. This seeks to provide enhanced resources to tackle existing and potential flaws in rural water systems, especially considering that only 20% of water and wastewater systems in the U.S. have adopted proper cybersecurity protections.
As great as these pursuits are, they themselves do not come without flaws. For instance, Security Intelligence points out that the CSF doesn’t address emerging topics such as generative AI, which is sure to impact cybersecurity moving forward. Meanwhile, it has become clear that trying to align all of these different guides and proposals is a difficult task.
As Christian Vasquez writes for CyberScoop, “In recent weeks, the White House has embarked on a dizzying task: trying to harmonize the exceedingly broad number of cybersecurity-related regulations and technical standards set by industry that corporations and critical infrastructure operators must abide by.”
Not only are there 16 critical infrastructure sectors to consider, but there are various agencies that may require reporting for a certain organization, several forms for information, etc. On top of that, operations technology (OT) is largely left out. When discussing critical infrastructure, this is certainly an issue that must be included. As policies, regulations, and guidelines evolve, there is also a growing need to include advancements such as cloud technology.
Needless to say, there is still a lot more to look out for, and Dynics will be watching.
- “How NIST Cybersecurity Framework 2.0 Tackles Risk Management” – Sue Poremba, Security Intelligence
- “U.S. Senators Introduce Bills to Enhance Rural Cybersecurity” – Rapid City Journal, Government Technology
- “White House grapples with harmonizing thicket of cybersecurity rules” – Christian Vasquez, CyberScoop