Industrial Cybersecurity Pulse
  • SUBSCRIBE
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Resources
  • Helpful Links
  • Editorial Calendar
  • Advertise
  • Contribute
  • Content Partners
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
SUBSCRIBE
  • Resources
  • Helpful Links
  • Editorial Calendar
  • Advertise
  • Contribute
Industrial Cybersecurity Pulse
Subscribe
Industrial Cybersecurity Pulse
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • Threats & Vulnerabilities

How the American Jobs Plan could improve critical infrastructure cybersecurity

  • Robert Fairfax
  • August 16, 2021
Many wonder where to start when attempting to protect embedded systems in OT cybersecurity? Here are some great places to start.
Courtesy: Brett Sayles
Total
0
Shares
0
0
0
0

Some of the key provisions of the American Jobs Plan that support critical infrastructure cybersecurity include:

  • Make $20 billion in energy infrastructure investments for state, local and tribal governments contingent on cyber modernization
  • Create a new tax credit for transmission infrastructure that will help finance cyber technologies for the electric grid
  • Improve security monitoring and incident response activities [by providing an additional $650M in funding to the Cyber Security and Information Agency (CISA) for the stated purposes]

If carried out as described, the actions proposed in the American Jobs Plan will help bolster the cybersecurity posture of American critical infrastructure. However, they do not go far enough to address the vast scale and scope of the problem we are facing. While the disruption of the Colonial Pipeline was certainly significant, as reported the attack was simply commoditized ransomware –nation states and cybercriminals currently have the capability to destroy and disable critical infrastructure for far longer than we saw with Colonial by targeting OT systems rather than IT systems.

As information technology (IT) and operational technology (OT) systems have converged, cyber adversaries have become increasingly aggressive in pursuing cyber-physical effects such as critical infrastructure downtime, asset damage, and process manipulation. This has put business continuity and human safety at risk, and further ensured that adopting zero-trust visibility at every level of the industrial control system (ICS) is critical to an organization’s security posture.

While the described block grant and tax credit programs are certainly needed, smaller critical infrastructure organizations often lack sufficient expertise in OT security best practices to properly monitor and defend their critical assets. These programs must also be followed up with technical assistance beyond existing government frameworks (such as NIST’s Guide to Industrial Control System Cybersecurity) that recommends specific technology stacks so that recipients can most effectively leverage these programs.

The scope of potential recipients of block grant programs should be expanded to ensure that small privately-owned utilities and rural electric co-ops are included. These organizations are critical to our nation’s energy infrastructure, yet only municipal public utilities appear to be included as eligible for the DOE-administered block grants. By helping State, Local, and Tribal governments as well as privately-owned critical infrastructure organizations secure adequate resources, develop domain expertise, and procure effective technologies, the Biden Administration can encourage robust adoption that helps to enhance the cybersecurity posture and resiliency of the nation’s critical infrastructure.

This article is originally from Cynalytica. Cynalytica is a CFE Media content partner.

Cynalytica, Inc., is a partner member of the Control System Integrators Association (CSIA). For more, visit the company profile on the Industrial Automation Exchange.

Do you have experience and expertise with the topics mentioned in this article? You should consider contributing content to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.

Robert Fairfax

Rob Fairfax, financial officer, Cynalytica

Related Topics
  • CFE Content
  • Featured
Previous Article
Image courtesy: Brett Sayles
  • Networks

Improve legacy critical infrastructure protection

  • Robert Fairfax
  • August 13, 2021
Read More
Next Article
  • Threats & Vulnerabilities

The elevation of cybercrime to terrorism threat status

  • Marcus Fowler
  • August 17, 2021
Read More
You May Also Like
Courtesy: CFE Media and Technology
Read More

Throwback attack: The U.S. hits Russia with the first logic bomb attack

Cybersecurity Locks
Read More

Throwback attack: Kevin Poulsen wins a Porsche (and hacks the U.S. government)

Read More

Throwback Attack: Hacker steals source code for Half-Life 2 video game

Courtesy: CFE Media
Read More

Throwback Attack: Petya, the red skull of ransomware

Test 2 Alt Text
Read More

Throwback Attack: ILOVEYOU, a love letter no one wanted

A hacker in the background.
Read More

Throwback Attack: The Morris Worm launches the first major attack on the internet

Image courtesy: Brett Sayles
Read More

Throwback Attack: Teamsters refuse to pay after Labor Day cyberattack

Read More

I’m sorry, we’re closed: Why most ransomware attacks happen out of hours

SUBSCRIBE

GET ON THE BEAT

Keep your finger on the pulse of top industry news

SUBSCRIBE TODAY!
VULNERABILITY PULSE
  • Mitsubishi Electric - June 14, 2022
  • Meridian Cooperative - June 14, 2022
  • Johnson Controls - June 14, 2022
  • Microsoft - June 14, 2022
  • Citrix - June 14, 2022

RECENT NEWS

  • Protecting the power grid through cyber-physical threat response
  • How to secure Industry 4.0 in a highly connected world
  • Managing external connections to your operational technology (OT) environment
  • Webcast: Addressing Cybersecurity Challenges in Industry 4.0
  • How a desert water utility helped protect critical infrastructure

EDUCATION BEAT

Introduction to Cybersecurity within Cyber-Physical Systems

Cyber-physical systems serve as the foundation and the invention base of the modern society making them critical to both government and business.

REGISTER NOW!
HACKS & ATTACKS
  • Ron Brash Interview: Expert advice on finding the root of the ransomware problem
  • Throwback Attack: How the modest Bowman Avenue Dam became the target of Iranian hackers
  • Minimizing the REvil impact delivered via Kaseya servers
  • Key takeaways from 2020 ICS-CERT vulnerabilities
Industrial Cybersecurity Pulse

Copyright 2022 CFE Media and Technology.
All rights reserved.


BETA

Version 1.0

  • Content Partners
  • Contact Us
  • Privacy Policy
  • Terms and Conditions

Input your search keywords and press Enter.

By using this website, you agree to our use of cookies. This may include personalization of content and ads, and traffic analytics. Review our Privacy Policy for more information. ACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT