As we have seen since May 7, cybersecurity of critical infrastructure has taken a front seat in the national conversation. We are living through a cybersecurity incident that extends well beyond the confines of the operational environment and into the nation’s daily life. We are all witness to how debilitating a cyber incident can be.
While the full impact of the Colonial Pipeline incident continues to be determined, here’s what we know:
The federal government has responded with a significant move in President Biden’s latest executive order (EO). It reaches deeper into the private sector and places significantly more focus on operational technology (OT). Highlights of the EO:
But the question for operators of critical infrastructure is how to protect against and mitigate cybersecurity risk while maneuvering through the changing cyber policy landscape.
1898 & Co. advises a multipronged approach to OT cybersecurity — identify, protect, detect, respond and recover. The first area of focus, protection, deals with changing the security model OT relies on today — from perimeter-based to zero-trust. Traditional perimeter-based security models that rely on implicit trust and network access are falling short of protecting the connected infrastructure needed for digital transformation and grid modernization. A zero-trust security approach to OT/ICS/SCADA networks and operations can reduce risk by requiring users and devices to authenticate at each access point before being granted access. The new EO specifically calls for the implementation of zero-trust security as one of the primary mechanisms to defend critical assets.
Supplementing the OT zero-trust security model with monitoring is imperative. Having visibility into the most critical assets and monitoring them enables operators to detect breaches and intrusions when preventive protections fail. Furthermore, monitoring and the detection it enables allow for better-informed decisions on how to contain an attack.
The third area of focus is the response to an intrusion. An operator’s plan for how to respond to an incident will make a difference in the overall impact of an event. It is recommended to have an incident response retainer in place that gives the organization the opportunity to walk through scenarios and determine its course of action in advance, so it is not caught unprepared. The 1898 & Co. Incident Response retainer also focuses on proactive incident preparedness, which is key to efficient execution of the incident response plan.
As cybersecurity continues to rank as a top business continuity risk, we encourage everyone in critical infrastructure to take proactive steps toward preparedness and resiliency.
1898 & Co. and Xage Security recently conducted a joint webinar that discussed the benefits of the zero-trust security approach to OT/ICS/SCADA networks and operations.