Industrial Cybersecurity Pulse

The Biden administration expands its focus on ICS cybersecurity

  • Albert Rooyakkers
  • October 14, 2021
Courtesy of Brett Sayles

While President Joe Biden’s July 28 executive order establishing his industrial control system (ICS) cybersecurity initiative was focused primarily on the electricity subsector, it did say that an action plan for natural gas pipelines was underway and that initiatives for other sectors would follow later this year. The recent White House CEO summit, in which Biden solicited cross-industry cooperation in fighting cybercrime, showed some positive steps in that direction.

A key plank of the ICS cybersecurity initiative was promotion of the National Institute of Standards and Technology (NIST) cybersecurity guidelines. These lay out the zero trust architecture NIST describes as “an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources.” In other words, moving the fight to the operational technology (OT) realm.

Electric adopts ICS cybersecurity initiative

The electric sector has already begun implementing the ICS cybersecurity initiative. In his opening remarks to the CEOs, Biden said the initiative has involved more than 150 utilities that serve 90 million Americans. Indeed, the energy sector had the greatest representation at the Biden meeting. In attendance were Duke Energy CEO Lynn Good, PG&E CEO Patti Poppe and Southern Company CEO Tom Fanning.

“The meeting was an essential recognition of the need to improve our nation’s defenses against existential cyber threats. A strong national cyber defense — whether against ransomware or other malicious cyber activity — requires effective public-private collaboration to ensure the federal government and the private sector are working hand-in-glove in our collective cyber defense,” said Fanning in a news release issued after the meeting.

Protecting the pipelines

Representing the oil and gas pipeline industry at the meeting were ConocoPhillips CEO Ryan Lance and Williams CEO Alan Armstrong. Not represented was Colonial Pipeline, although their example was cited as one of the reasons such cooperation is needed. “We spent quite a bit of time with our partners in the federal government over the course of our response and welcome others having a similar opportunity today,” Colonial spokesperson Kevin Feeney told the Washington Post.

Keeping water flowing

There were also indications the government ICS emphasis would extend to the water industry, as well. Representing the water industry were SJW Group CEO Eric Thornburg and American Water CEO Walter Lynch. In a statement following the meeting, Lynch pledged to work closely with NIST to develop a new framework to improve the security and integrity of the technology supply chain and guide public and private entities to build secure technology and assess the security of that technology, including open-source software. American Water has already voluntarily adopted the current NIST cybersecurity framework.

The technology sector weighs in

In addition to CEOs from the power, pipeline and water industries, which have the most at stake in securing industrial control systems, the White House summit also included the CEOs of Microsoft, Google and IBM, as well as financial and insurance industry leaders. The companies pledged billions of dollars in support for fighting cybercrime and all pledged to support the NIST framework development, as well as to apply significant resources to cybersecurity improvements and workforce development, including the following examples:

Apple

  • Will work with suppliers, including 9,000 in the U.S., on supply chain improvement, including driving the mass adoption of multifactor authentication, security training, vulnerability remediation, event logging and incident response.

Google

  • Will invest $10 billion over the next five years to expand zero trust programs, help secure the software supply chain and enhance open-source security.
  • Will help 100,000 Americans earn industry-recognized digital skills certificates.

IBM

  • Will train 150,000 people in cybersecurity skills over the next three years.
  • Will partner with more than 20 Historically Black Colleges and Universities (HBCUs) to establish cybersecurity leadership centers.

Microsoft

  • Will invest $20 billion over the next five years to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions.
  • Will make available $150 million in technical services to help federal, state and local governments with upgrading security protection.
  • Will expand partnerships with community colleges and nonprofits for cybersecurity training.

Amazon

  • Will offer to the public at no charge the same security awareness training it offers its employees.
  • Will offer all web services account holders a free multifactor authentication device to protect against cybersecurity threats like phishing and password theft.

The financial attendees got involved, too. Resilience, a cyber insurance provider, will require policy holders to meet a threshold of cybersecurity best practices as a condition of receiving coverage. Coalition, another cyber insurance provider, announced it will make its cybersecurity risk assessment and continuous monitoring platform available for free to any organization.

ICS cybersecurity by default

How such pledges will impact ICS security remains to be seen, but the fact that ICS security is increasingly present in the public discourse is certainly a good thing. It brings us one step closer to what the senior White House official who briefed the media called “baked in security.”

“We need to transition to where technology is built securely by default. … You know, we don’t buy a car and then buy the airbag separately.”

We couldn’t agree more.

– Bedrock Automation is a CFE Media content partner.


Albert Rooyakkers

Albert Rooyakkers is founder and CEO of Bedrock Automation.

Copyright 2022 CFE Media and Technology.
All rights reserved.

