.png?width=40&height=40&name=search%201%20(1).png){kind=small}
Although you may find a certain amount of political turmoil in the United States, there’s a surprising amount of consensus in Washington about cybersecurity.
Both parties agree that there’s no room for complacency in the face of large-scale breaches such as the SolarWinds supply-chain attack, in which thousands of public- and private-sector entities fell victim to a hacking campaign sponsored by a foreign government, and smaller-scale incidents such as the Oldsmar water plant hack, in which an as-yet unidentified malicious actor nearly succeeded in contaminating water supplies in a Tampa suburb. What’s more, they both seem to agree that the federal government needs to mount a response that brings all the parties involved together under a single umbrella.
For example, the bill that members of the House of Representatives’ Committee on Homeland Security introduced on March 11. This legislation, which is known as the DHS Industrial Control Systems Enhancement Act of 2021, enjoys bipartisan support. It calls for amending the Homeland Security Act of 2002 so as to ensure that the Cybersecurity & Infrastructure Security Agency (CISA) can serve as the leader of national efforts to protect critical infrastructure, especially industrial control systems (ICS), from cyberattacks. John Katko, the New York congressman who co-sponsored the bill, said in a statement that the amendment would help CISA establish and centralize the capacity it needs to work voluntarily with infrastructure operators on cybersecurity issues.
Likewise, the Biden administration is talking about taking steps to ensure that cybersecurity initiatives don’t get bogged down in bureaucratic turf wars. On March 31, CISA’s parent organization, the Department of Homeland Security (DHS), announced that it was launching a package of cybersecurity initiatives that consisted of six separate 60-day “sprints,” one of which will emphasize the resilience of ICS. According to Homeland Security Secretary Alejandro Mayorkas, all of these sprints will focus on breaking down inter-agency barriers that can slow responses to cyberattacks. These efforts will help the federal government prepare for the issuance of an executive order designed to improve threat detection, speed up responses to attacks, and expand information sharing, he said.
On the legislative side, the introduction of the DHS Industrial Control Systems Enhancement Act of 2021 in the House of Representatives indicates that concerns about cyberthreats transcend party lines. It also shows that legislators of different political persuasions understand the need to set up a centralized body that can lead, coordinate, and direct the federal government’s response to emerging cyberattacks – as well as the need for that body to work cooperatively with the private sector.
On the executive side, DHS’ 60-day sprints represent a step forward, in that they are designed to help federal agencies communicate more easily and more effectively with each other when cybersecurity issues are in play. They also appear to be laying the groundwork for a policy environment in which government agencies and private companies have more opportunities to work together to combat cyberthreats.
There’s plenty more work to be done on this front. For one thing, the DHS Industrial Control Systems Enhancement Act of 2021 has multiple hurdles to scale on the path towards becoming a law, and Mayorkas’ DHS has yet to fire the starting gun for the 60-day sprints. For another, neither the legislative nor the executive branch has yet identified all the bureaucratic and logistical obstacles that might stymie efforts to mount a unified response to emerging cyberthreats.
Even so, there seems to be a consensus that the future will involve more cooperation and consultation between the federal government and the private sector with respect to cybersecurity. It may take time for this new collaborative environment to take shape, but privately-owned companies and infrastructure operators don’t have to take a wait-and-see approach. They can use the time to learn more about the standards that federal agencies have adopted and consider whether they might benefit from taking similar steps.
As the Federal Government works to bolster cybersecurity strategies, whether it is implementing federal standards and priorities, such as the Zero Trust strategy, the Department of Defense (DoD) migration to the cloud with the Joint Enterprise Defense Infrastructure (JEDI) project, or facilitating the CISA's 5-year strategy highlights need for visibility in ICS, Garland Technology has over a decade’s track record of providing visibility solutions for the federal government.
We have provided unidirectional data diodes and multiple types of ruggedized Network TAPs for federal agencies’ use, including portable and easy-to-use TAPs for civilian and Department of Defense (DoD) rapid response teams, as well as custom-developed network TAPs for extreme environments.
As a trusted leader in critical infrastructure visibility, we work with both Federal and private sector companies to ensure proper connectivity, because we understand that you can’t secure what you can’t see. Instilling a core belief in implementing fundamental best practices in visibility architecture and eliminating network blind spots so that your security tools can detect threats and anomalies and carry out continuous monitoring. We’re aware that your ICS may be part of a wide array of connected devices that are not all seamlessly integrated with existing information technology (IT) structures. We offer visibility into system inventories of all the networked devices and ICS that are being monitored so that you can see exactly what facilities are connected to your networks (and who is active on those networks).
We’re prepared to help teams benefit from ongoing efforts to consolidate, streamline and strengthen federal responses to cyberthreats affecting ICS and critical infrastructure. Looking to add visibility to meet CISA recommendations, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
