Three Key Takeaways for OT Leaders from the National Cybersecurity Strategy
Richard Springer, Marketing Director for OT Solutions | Fortinet
It’s been refreshing to see the Biden Administration making cybersecurity a priority. The National Cybersecurity Strategy released earlier this year takes a deeper dive into the comprehensive efforts that the administration is making in order to bolster cybersecurity. And it emphasizes the need for public and private collaboration.
Core to these efforts is securing OT, as critical infrastructure continues to be a bigger target for bad actors and carries increasing potential for significant damage with wide-reaching impacts. As an OT leader, it’s important to consider what this strategy entails and how it will impact your business.
Increased focus on critical infrastructure
The strategy is broken into five main pillars, the first of which is focused on defending critical infrastructure. One strategic objective is to harmonize baseline cybersecurity requirements for this sector. The administration advocates for greater use of frameworks and international standards like the NIST Framework for Improving Critical Infrastructure Cybersecurity and the Cybersecurity and Infrastructure Security Agency (CISA)'s Cybersecurity Performance Goals. CISA plans to scale public-private collaboration, as well.
The other four pillars are:
Disrupt and dismantle threat actors
Shape market forces to drive security and resilience
Invest in a resilient future
Forge international partnerships to pursue shared goals
The executive order deals specifically with cybersecurity issues related to critical infrastructure. The ransomware attack on the Colonial Pipeline is just one example of the disruption that can occur when attackers find a vulnerability in an organization’s cybersecurity defenses. Expanding the basic security standards and enhancing public-private sector collaboration – including better sharing of threat intelligence – are given priority in order to provide a quicker and more effective response to cyber events.
Shifting the burden
To accomplish this strategy, the administration calls for a shift or a rebalance in terms of responsibility for cybersecurity defense. As they stated in the official fact sheet, “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.” This should then filter down to provide small organizations and individuals with a sound security strategy.
This applies to the cloud as well, which, quite simply, is the future of OT. Operational technology systems contain hoards of important data with the potential to transform operations and provide competitive advantage. Bad actors know this, and they also know that cybersecurity strategy for OT is still at a low level of maturity, for the most part – a fact compounded by the additional risks that cloud computing introduces. That's one of the reasons critical infrastructure has become increasingly targeted for attack.
Considering the role cloud computing plays in the critical infrastructure sector, the National Cybersecurity Strategy is asking cloud providers to take a significant role in creating and upholding new regulations.
For OT leaders, this is important. The key point here is that you are not alone when it comes to shoring up your organization’s defenses. Software and cloud vendors will need to step up their efforts to meet cybersecurity requirements, with the mandates moving toward security-first design. While these regulations primarily refer to vendors that deal with state and local agencies, they’re likely to have a ripple effect on other sectors, too.
Training the future of OT security
Another key part of the strategy calls for expanding the national cyber workforce and increasing diversity. Given the ongoing skills gap and talent hiring and retention issues that the cybersecurity field struggles with, any meaningful efforts made to address this are very welcome.
Core to any cybersecurity efforts are people – it’s that important third leg of the “people, processes and technology” stool. While the national efforts are by no means a replacement for organizations’ own efforts that must be made in terms of training and upskilling, knowing that there are moves underway to help with this at the national level is huge.
Yet at the organization level, due to the lack of qualified candidates for crucial IT positions, firms are now more vulnerable to breaches and other risks. The global cybersecurity workforce gap grew by just over 26% last year, and organizations continue to struggle in their recruiting and hiring efforts.
Upskilling and retraining current personnel is one method that organizations tend to forget about. Providing your staff with the opportunity to participate in advanced training and certification courses helps to enhance employee satisfaction while also keeping their skills up to date. This aligns with the Acting National Cyber Director’s plan to upskill and reskill federal workers as one way to fill the large gaps in cybersecurity roles.
Forging a stronger strategy
In the face of escalating cyber threats and evolving regulations, OT leaders must grasp the significance of the National Cybersecurity Strategy. It underscores the imperative to fortify critical infrastructure and encourages public-private partnerships to tackle these challenges collectively. A rebalancing of cybersecurity responsibility is proposed, with cloud providers and software vendors assuming more substantial roles in ensuring robust security practices. Additionally, initiatives to expand and diversify the cybersecurity workforce will aid the many organizations facing a talent shortage. OT leaders should not stand alone; the strategy envisions a collaborative path forward to safeguarding essential systems and data.
About Richard Springer
Richard Springer is the marketing director of OT Solutions at Fortinet. In this role, Rich works alongside regional marketing teams, OT product management and OT threat researchers to promote the Fortinet Fabric of OT Solutions including network security, zero-trust, security operations and AI-powered threat intelligence for IT/OT converged and OT market segments. Previously, Rich was the Head of Industrial Cyber Strategy & Development for Tripwire managing the Industrial cyber product business for Belden, including the Hirschmann and Tripwire product lines. While evolving in the business of cyber security software and hardware development, Rich provides an operational background as a prior global head of SCADA in wind energy and across various roles in the semiconductor industry and the submarine nuclear Navy. He has a BS in mechanical engineering from Oregon State University and resides in Portland, Oregon. Rich is excited to lead, educate, and develop network and cyber security solutions for his customers and global cyber community.
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow