Protect Operational Technologies and Control Systems Against Cyber Attacks

Cyber actors have demonstrated their willingness to conduct cyber attacks against critical infrastructure by exploiting Internet-accessible Operational Technology (OT) assets. Due to the increase in adversary capabilities and activities, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to do harm to US interests or retaliate for perceived US aggression.

Today, the National Security Agency and Cybersecurity and Infrastructure Security Agency released an advisory for critical infrastructure OT and control systems assets to be aware of current threats we observe, prioritize assessing their cybersecurity defenses and take appropriate action to secure their systems.

“Operational technology assets are pervasive and underpin many essential national security functions, as well as the Defense Industrial Base,” Anne Neuberger, Director of NSA's Cybersecurity Directorate noted. “We encourage all stakeholders to apply our joint recommendations with DHS CISA.”

“As we’ve said many times, our adversaries are capable, imaginative and aim to disrupt essential services, so it is important that we make sure we are staying ahead of them,” said Bryan Ware, Assistant Director for Cybersecurity, CISA. “Our goal at CISA is to lead and encourage a proactive ‘whole community’ assessment and response to significant threats and ensure we provide the right tools and services at the right time.”

NSA and CISA continue to collaborate on cybersecurity issues and share information about how to best secure National Security Systems, Department of Defense systems, and the Defense Industrial Base as well as other critical infrastructure, against foreign threats, ultimately keeping America and our allies safe.

CISA Adds Top Cybersecurity Experts to Join Covid-19 Response Efforts

The Cybersecurity and Infrastructure Security Agency (CISA) announced today the addition of two leading cybersecurity experts to support the agency’s COVID-19 response efforts. Josh Corman is joining CISA as a Visiting Researcher, and Rob Arnold will join CISA’s National Risk Management Center as a Senior Cybersecurity and Risk Management Advisor. Corman and Arnold were both hired using authorities granted under the CARES Act, which allows agencies to hire staff to temporarily support the COVID-19 response.

“The COVID-19 pandemic has resulted in noticeable shifts in cyber risk calculations for organizations of all sizes,” said CISA Director Christopher Krebs. “The hardware, software, and services that underpin our connected infrastructure have absolutely been tested and stressed in this telework-heavy environment. At the same time, certain organizations and sectors of our economy have become more attractive targets for adversaries.”

“This changing threat landscape demands an ‘all-hands-on-deck’ approach and for us to bring the best and brightest minds to the front lines, and the authority granted to us by the CARES Act makes it possible to quickly recruit and add top experts to our team,” added Director Krebs. “Josh and Rob are two examples of the type of innovative leaders that will help us build up our technical capabilities while at the same time improve our engagement with our industry and security researcher community partners during this critical time.”

Josh Corman has an extensive private sector and nonprofit background in IT security and public policy. Corman recently served as the Chief Security Officer at PTC and the Director for the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center for Strategy and Security. He is also the co-founder of IAmTheCavalry.org, a non-profit collection of volunteers dedicated to improving cybersecurity in areas that can save lives. Corman was also a member of the Congressional Health Care Industry Cybersecurity Task Force, which developed a report on the state of cybersecurity in the healthcare industry. In his new role, he will advise on CISA’s integrated industry engagement efforts supporting the COVID response, provide cybersecurity expertise on healthcare infrastructure, and support CISA’s control systems and life safety initiatives.

Rob Arnold most recently served as the founder and CEO of Threat Sketch, a strategic cyber risk management firm that helps small organizations manage cybersecurity at the executive level. He has a wealth of experience in advising businesses and organizations in implementing cyber risk management practices. In addition to co-founding the North Carolina Center for Cybersecurity and authoring a book that explains cyber risk management to business executives, Arnold serves on multiple academic advisory boards for cybersecurity degree seeking programs. At CISA, he will focus on helping the agency better understand shifts in cyber risk from COVID-related factors and how the critical infrastructure community can best fortify its defenses in response.

A billion user hours lost in EU telecoms due to security incidents in 2019

The European Union Agency for Cybersecurity publishes the 9th annual report on telecom security incidents.

The report published today provides an analysis of root causes and impact of major incidents that happened in the course of 2019 and multiannual trends. The national telecom security authorities in Europe reported a total of 153 major telecom security incidents in 2019. These incident reports were submitted to the EU Agency for Cybersecurity as part of the annual summary reporting on major telecom security incidents in the EU. The reported incidents had a total impact of almost 1 Billion user hours lost.

Juhan Lepassaar, the Executive Director of ENISA, said: "Incident reporting is essential to understand different factors that play a role in cybersecurity incidents, as well as relevant issues. It helps us to see the trends and allows us to assess if the related legislation is working. This will help us to develop the right security measures, if further adjustments or clarifications are needed in the form of implementing acts, and thus improve the overall level of cybersecurity. National authorities use the reporting as a basis for targeted policy initiatives. Our role at ENISA is to make sure that the process is working and to allow the stakeholders, the Member States and the Commission to get the most out of it. We work to harmonise the security incident reporting processes across the Union, to reduce security risks and barriers to the internal market."

Jakub Boratyński, Acting Director of Directorate H in DG CONNECT commented: “Security incident reporting is important in order to get hard numbers about incidents, to analyse root causes and impact, which helps prevent future incidents. It is essential to collect this data not only at EU-level, but also at national level. The COVID-19 outbreak shows more clearly than ever the importance of securing telecom networks.”

The report published today presents an analysis of root causes, impact, and trends of major incidents. It is the 9th annual report on telecom security incidents.

Key takeaways from the 2019 incidents

  • System failures dominate in terms of impact: this category makes up almost half (48%) of the total user hours lost. It is also the most frequent root cause of incidents. Both the frequency and overall impact of system failures have been trending down significantly over the past 4 years;
  • More than a quarter (26%) of total incidents have human errors as the root cause. Human errors increased by 50% compared to the previous year;
  • Almost a third (32%) of the incidents were also flagged as a third-party failure. This means that these incidents originate at third parties, typically utility companies, contractors, suppliers, etc. This number tripled compared to 2018, when it was 9%;
  • Looking inside the category of system failures, hardware failures are a major factor: almost a quarter of incidents (23%) were caused by hardware failures and they heavily impacted user hours amounting to 38%;
  • Power cuts continue to be an important factor: being either the primary or the secondary cause in over a fifth of the major incidents.

To access the report, please visit: https://www.enisa.europa.eu/publications/annual-report-telecom-security-incidents-2019

ENISA also provides an online visual tool - CIRAS - giving public access to the full repository of telecom security. This tool gives statistics and anonymized information about the 1200 major incidents reported over the past 9 years.

EECC broadening the scope of the telecom security incident reporting

The new EU telecom legislation, known as the European Electronic Communications Code (EECC), has to be transposed into national law by 21 December 2020.

These new rules are broader in scope, adapting to the changes in the EU’s electronic communications landscape. The new legislation will also cover so-called number-independent interpersonal communications services, such as WhatsApp and Skype. The reporting obligations will cover a broader range of telecom security incidents, including incidents having an impact on confidentiality, availability, integrity or authenticity of the communication networks and the data transmitted via those networks or services.

ENISA is working with the EU Member States to implement these changes. The annual reporting guideline is currently being updated to include new thresholds for the annual summary reporting. The EU Agency for Cybersecurity is also updating the guidelines on security measures.

General observations

National telecom authorities use incident reports for targeted policy initiatives and guidelines: the mandatory reporting helps to identify common root causes. This is how we start finding solutions to mitigate the impact of some of the biggest incidents.

Every year the annual summary reporting at EU level highlights important issues and trends: the national authorities then follow up these issues and trends in more detail.

Reporting about threats: under the new provisions of the EECC, important threats will also have to be reported along with incidents. This means there is a clear need for national authorities to exchange information about ongoing attacks and important vulnerabilities, in addition to actual incidents with impact on telecom services.

The current incident reporting does not show the complete telecom security threat landscape: security incidents not causing large network disruptions currently remain out of the reporting obligations.

Background information

Electronic communication providers in the EU have to notify telecom security incidents having a significant impact to the national authorities for telecom security in their country. At the beginning of every calendar year, the authorities send summary reports about these incidents to the EU Agency for Cybersecurity.

Security incident reporting has been part of the telecom regulatory framework of the European Union (EU) since the 2009 reform of the telecom package: Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The breach reporting in Article 13a focuses on security incidents with significant impact on the operation of services, such as outages of the electronic communication networks and/or services. Article 40 of the European Electronic Communications Code (EECC) will replace Article 13a by the end of 2020.

The Article 13a Expert Group was founded by ENISA back in 2010, under the auspices of the European Commission. Its purpose is to bring together experts from national telecom security authorities from across the EU to agree on a practical and harmonised approach to the security supervision requirements in Article 13a and to agree on an efficient and effective incident reporting process.

Warna Munzebrock, a representative of Agentschap Telecom, the Dutch Radiocommunications agency, now chairs the group. The Article 13 expert group meets 3 times per year and its work and deliverables can be found in the Article 13a Expert Group portal hosted by ENISA.

NIST’s Post-Quantum Cryptography Program Enters ‘Selection Round’

The race to protect sensitive electronic information against the threat of quantum computers has entered the home stretch.

After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of 15. NIST has now begun the third round of public review. This “selection round” will help the agency decide on the small subset of these algorithms that will form the core of the first post-quantum cryptography standard.

“At the end of this round, we will choose some algorithms and standardize them,” said NIST mathematician Dustin Moody. “We intend to give people tools that are capable of protecting sensitive information for the foreseeable future, including after the advent of powerful quantum computers.”

The latest details on the project appear in the Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process (NISTIR 8309) - https://csrc.nist.gov/publications/detail/nistir/8309/final - which was published recently. NIST is asking experts to provide their input on the candidates in the report.

“We request that cryptographic experts everywhere focus their attention on these last algorithms,” Moody said. “We want the algorithms we eventually select to be as strong as possible.”

Classical computers have many strengths, but they find some problems intractable — such as quickly factoring large numbers. Current cryptographic systems exploit this difficulty to protect the details of online bank transactions and other sensitive information. Quantum computers could solve many of these previously intractable problems easily, and while the technology remains in its infancy, it will be able to defeat many current cryptosystems as it matures.

Because the future capabilities of quantum computers remain an open question, the NIST team has taken a variety of mathematical approaches to safeguard encryption. The previous round’s group of 26 candidate algorithms were built on ideas that largely fell into three different families of mathematical approaches.

“Of the 15 that made the cut, 12 are from these three families, with the remaining three algorithms based on other approaches,” Moody said. “It’s important for the eventual standard to offer multiple avenues to encryption, in case somebody manages to break one of them down the road.”

Cryptographic algorithms protect information in many ways, for example by creating digital signatures that certify an electronic document’s authenticity. The new standard will specify one or more quantum-resistant algorithms each for digital signatures, public-key encryption and the generation of cryptographic keys, augmenting those in FIPS 186-4, Special Publication (SP) 800-56A Revision 3 and SP 800-56B Revision 2, respectively.

For this third round, the organizers have taken the novel step of dividing the remaining candidate algorithms into two groups they call tracks. The first track contains the seven algorithms that appear to have the most promise.

“We’re calling these seven the finalists,” Moody said. “For the most part, they’re general-purpose algorithms that we think could find wide application and be ready to go after the third round.”

The eight alternate algorithms in the second track are those that either might need more time to mature or are tailored to more specific applications. The review process will continue after the third round ends, and eventually some of these second-track candidates could become part of the standard. Because all of the candidates still in play are essentially survivors from the initial group of submissions from 2016, there will also be future consideration of more recently developed ideas, Moody said.

“The likely outcome is that at the end of this third round, we will standardize one or two algorithms for encryption and key establishment, and one or two others for digital signatures,” he said. “But by the time we are finished, the review process will have been going on for five or six years, and someone may have had a good idea in the interim. So we’ll find a way to look at newer approaches too.”

Because of potential delays due to the COVID-19 pandemic, the third round has a looser schedule than past rounds. Moody said the review period will last about a year, after which NIST will issue a deadline to return comments for a few months afterward. Following this roughly 18-month period, NIST will plan to release the initial standard for quantum-resistant cryptography in 2022.

Protecting Operational Technologies and Control Systems Against Cyber Attacks

For more detailed information, please review the joint advisory - https://us-cert.cisa.gov/ncas/alerts/aa20-205a - which includes recently observed tactics, techniques, and procedures, as well as related recommendations.

Security Guidelines for Storage Infrastructure

Storage infrastructure—along with compute (encompassing OS and host hardware) and network infrastructures—is one of the three fundamental pillars of Information Technology (IT). However, compared to its counterparts, it has received relatively limited attention when it comes to security, even though data compromise can have as much negative impact on an enterprise as security breaches in compute and network infrastructures.

In order to address this gap, NIST is releasing Draft Special Publication (SP) 800-209, Security Guidelines for Storage Infrastructure, which includes comprehensive security recommendations for storage infrastructures. The security focus areas covered in this document not only span those that are common to the entire IT infrastructure—such as physical security, authentication and authorization, change management, configuration control, and incident response and recovery—but also those that are specific to storage infrastructure, such as data protection, isolation, restoration assurance, and data encryption.

Storage technology, just like its computing and networking counterparts, has evolved from traditional storage service types, such as block, file, and object. Specifically, the evolution has taken two directions: one along the path of increasing storage media capacity (e.g., tape, HDD, SSD) and the other along the architectural front, starting from direct attached storage (DAS) to the placement of storage resources in dedicated networks accessed through various interfaces and protocols to cloud-based storage resource access, which provides a software-based abstraction over all forms of background storage technologies. Accompanying the evolution is the increase in management complexity, which subsequently increases the probability of configuration errors and associated security threats. This document provides an overview of the evolution of the storage technology landscape, current security threats, and the resultant risks. The main focus of this document is to provide a comprehensive set of security recommendations that will address the threats. The recommendations span not only security management areas that are common to an information technology (IT) infrastructure (e.g., physical security, authentication and authorization, change management, configuration control, and incident response and recovery) but also those specific to storage infrastructure (e.g., data protection, isolation, restoration assurance, and encryption).

The guide can be downloaded at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-209-draft.pdf

ENISA unveils its New Strategy towards a Trusted and Cyber Secure Europe

The European Union Agency for Cybersecurity (ENISA) is unveiling its new strategy, which outlines the Agency’s strengthened path towards achieving a high common level of cybersecurity across the Union. The strategy was developed to fulfil the Agency’s permanent mandate established last year by the EU Cybersecurity Act (CSA). Under the strategy, the Agency takes on the vision of ‘A Trusted and Cyber Secure Europe’ and an enhanced mission: “to achieve a high common level of cybersecurity across the Union in cooperation with the wider community.”

Jean-Baptiste Demaison, Chair of the ENISA Management Board, stated: "The EU Agency for Cybersecurity with its permanent mandate and enhanced role and capabilities will be instrumental in supporting Member States and EU institutions to face the cyber challenges of the future."

Juhan Lepassaar, Executive Director of the European Union Agency for Cybersecurity, said: “Our new strategy acts as a compass, guiding the Agency’s work towards a trusted and cyber secure Europe. It will strengthen our key relationships within the cybersecurity ecosystem and equally it will be a key driver for the Agency to follow new values.”

What are the strategic objectives?

The strategy proposes concrete goals for the Agency in the form of seven strategic objectives that will set the priorities for European Union Agency for Cybersecurity in the coming years. These strategic objectives are as follows:

1 - Empowered and engaged communities across the cybersecurity ecosystem;
2 - Cybersecurity as an integral part of EU policies;
3 - Effective cooperation amongst operational actors within the Union in case of massive cyber incidents;
4 - Cutting-edge competences and capabilities in cybersecurity across the Union;
5 - A high level of trust in secure digital solutions;
6 - Foresight on emerging and future cybersecurity challenges;
7 - Efficient and effective cybersecurity information and knowledge management for Europe.

What we want to achieve?

  • An EU-wide, state-of-the-art body of knowledge on cybersecurity concepts and practices that builds cooperation amongst key actors in cybersecurity, promotes lessons learned, EU expertise and creates new synergies;
  • An empowered cyber ecosystem encompassing Member States’ authorities, EU institutions, agencies and bodies, associations, research centres and universities, industry, private actors and citizens, who all play their role in making Europe cyber secure;
  • Proactive advice and support to all relevant EU-level actors bringing in the cybersecurity dimension in the policy development lifecycle through viable and targeted technical guidelines;
  • Cybersecurity risk management frameworks that are in place across all sectors and followed throughout the cybersecurity policy lifecycle;
  • Continuous cross-border and cross-layer support to cooperation between Member States, as well as with EU institutions. In particular, in view of potential large scale incidents and crises, support the scaling up of technical operational, political and strategic cooperation amongst key operational actors to enable timely response, information sharing, situational awareness and crises communication across the Union;
  • Comprehensive and rapid technical handling upon request of the Member States to facilitate technical and operational needs in incident and crises management;
  • Aligned cybersecurity competencies, professional experience and education structures to meet the constantly increasing needs for cybersecurity knowledge and competences in the EU;
  • An elevated base-level of cybersecurity awareness and competences across the EU while mainstreaming cyber into new disciplines;
  • Well prepared and tested capabilities with the appropriate capacity to deal with the evolving threat environment across the EU;
  • Cyber secure digital environment across the EU, where citizens can trust ICT products, services and processes through the deployment of certification schemes in key technological areas;
  • Understanding emerging trends and patterns using foresight and future scenarios that contribute to mitigating the cyber challenges of the Agency’s stakeholders;
  • Early assessment of challenges and risks from the adoption of and adaptation to the emerging future options, while collaborating with stakeholders on appropriate mitigation strategies;
  • Shared information and knowledge management for the EU cybersecurity ecosystem in an accessible, customised, timely and applicable form, with appropriate methodology, infrastructures and tools, coupled with quality assurance methods to achieve continuous improvement of services.

How will ENISA use the strategy?

The strategy’s high-level objectives are directed at shaping a more digitally secure environment for Member States, EU Institutions, Agencies and Bodies, SMEs, academia and all of Europe’s citizens. The European Union Agency for Cybersecurity will use the new strategy to map out its annual work programme to improve security across the Union, and specifically to:

  • Better identify and understand the future cybersecurity capabilities needed to maintain competitiveness and preparedness.
  • Build on the Agency’s trusted relationships with stakeholders and communities within the cybersecurity ecosystem across Europe.
  • Guide ENISA communications within and beyond the Union, to non-EU countries and international organisations.
  • Deepen the knowledge and information sharing of ENISA expertise to reach larger audiences and increase awareness of digital security.
  • Provide cybersecurity stakeholders a clear understanding of the Agency’s priorities and actions.
  • Shape the future outlook of cybersecurity across the Union.

The strategy is both an aggregation of the tasks identified by the Cybersecurity Act and the developed synergies within Articles 5-12 of the CSA.

This publication by the European Union Agency for Cybersecurity outlines the Agency’s strategic objectives to boost cybersecurity, preparedness and trust across the EU under its new strengthened and permanent mandate.

Artificial Intelligence (AI) In Healthcare Market: Dynamics, Segments, Size and Demand, COVID-19 2022

Artificial intelligence (AI) is the creation of intelligent systems that can perform tasks without human intervention and instructions. It is a constellation of different technologies such as natural language processing, machine learning, perception and reasoning. These systems use computer algorithms and huge amounts of data to provide a response to a request. AI is being adopted in healthcare, using algorithms and software for the analysis of medical data with a view to predicting diseases and providing proper medication. It will lead to personalization and optimization, leading to improved outcomes for both patients and healthcare systems. A basic AI computer used today in clinical practice can be used for alerts and reminders, diagnostics, therapy planning, information retrieval and image interpretation. However, glitches in communication and technical infrastructure are amongst the barriers to the growth of AI in healthcare.

According to Infoholic Research, the “Artificial Intelligence in Healthcare Market” is expected to reach $1,139.2 million by 2022, growing at a CAGR of around 62.2% during the forecast period 2016–2022. The need for pre-operative planning, high costs associated with healthcare, adoption of mobile devices and rising chronic diseases amongst the masses are driving the need to integrate AI in healthcare solutions. The AI market in healthcare has high growth opportunities due to the rising need for self-care and real-time monitoring.

Technology Analysis:

AI technology is leading towards the innovation of efficient and inexpensive healthcare solutions. The major technologies involved are natural language processing (NLP), machine learning, biometric security, speech recognition and disaster recovery. The technology providers are heading towards the development of innovative products and solutions for end users. At present, the NLP market has the major share, with an estimated increase to $487.7 million by 2022, growing at a CAGR of 61.6%. The increase in adoption of cloud computing, the internet and innovation in network connectivity is driving the adoption of NLP in the healthcare sector. Besides NLP, the second most prominent technology in healthcare is machine learning, which is expected to reach $223.7 million by 2022, growing at a CAGR of 61.9%. Based on end users, the market encapsulates diagnostic centres, hospitals and clinics, R&D and healthcare institutes. AI finds wide application in precision medicine, real-time monitoring, drug development and personal health assistants.

Regional Analysis:

North America is leading in the AI in healthcare market, followed by Europe. Huge investments and strict governmental regulations are driving the growth in North America. One such initiative is the Patient Protection and Affordable Care Act (ACA), which is leading emphasis on cost management and integrated care delivery models. The European market is growing due to the increased need for quality care and the high cost burden associated with re-hospitalisation. The Benevolent AI, Google’s DeepMind and Skin Analytics are working on providing healthcare solutions in Europe. The APAC region has high growth potential accompanied by high investment in the market, especially in India and China. The major part (40%) of digital transformation in APAC will be driven by AI by 2022. LAMEA is still developing and growing. The increased adoption of the internet and mHealth is enhancing the growth of AI in the region.

Public Safety & Security Market to Reach $812.6 Billion by 2025

The global public safety and security market size is projected to touch USD 812.6 billion by the end of 2025, as per the report released by Million Insights, Inc. It is projected to grow with 14.8% CAGR over the forecast duration. The increasing advancement of public safety policies and regulations worldwide is projected to supplement the growth of the market in the upcoming years. These solutions offer effective measures to guarantee the protection of critical infrastructure, organizations, and individuals against several threats such as illegal drugs, illegitimate immigration, and terrorist attacks. Moreover, the increasing artificial and natural disasters are also predicted to bode well for the product demand over the estimated period.

Nations are emphasizing on incorporating regional cooperation in the cross-border disaster areas to tackle the major issues by implementing geospatial data gathering, emergency management systems, and critical communication infrastructure. Governments are coming up with standards and regulations to enhance surveillance and public safety. Surveillance systems are extensively effective for various transit agencies to monitor their remote systems, while critical communication allows secure communication between several units, which is significant in crisis management.

Owing to the rapid digitalization of banking and financial systems, there has been a steady rise in the implementation of digital security to combat the growing cases of cyber-attacks. The growing awareness relating to security, exchange of old systems and the increase in harmful industrial operations are a few factors propelling the product demand. Thus, to fulfill the surging demand, there has been a substantial rise in the fund allocation by nations for modernizing the old IT infrastructure and the deployment of dedicated departments to combat increasing cyber-attacks. However, the implementation cost and lack of operability between new and old systems are restraining market growth.

CISA releases new strategy to improve industrial control system cybersecurity

The Cybersecurity and Infrastructure Security Agency (CISA) released a strategy to strengthen and unify industrial control systems (ICS) cybersecurity for a more aligned, proactive and collaborative approach to protect the essential services Americans use every day.

The strategy, Securing Industrial Control Systems: A Unified Initiative, is intended to help architects, owners and operators, vendors, integrators, researchers, and others in the ICS community build capabilities that lead to more secure ICS operations. Ultimately, it strives to move CISA and the ICS community beyond reactive measures to a more proactive ICS security focus.

“In recent years, we have seen industrial control systems around the world become a target for an increasing number of capable, imaginative adversaries aiming to disrupt essential services,” said Christopher Krebs, Director of CISA. “As attackers continue trying to exploit vulnerabilities in ICS, we need to make sure we’re staying ahead of them. Together with our partners in the ICS industry and the security community, this strategy will lead us to new, unified initiatives and security capabilities that will markedly improve the way we defend and secure ICS.”

Although ICS owners and operators manage their own security, CISA’s mission is to assist through delivery of a broad portfolio of ICS security products and services, especially when an exploitation may threaten people or property or undermine confidence in critical infrastructure safety and reliability.

The CISA ICS initiative is a five-year plan that builds on the collaborative work already done and the existing support CISA provides to the community. It also elevates ICS security as a priority within CISA, coalescing CISA’s organizational attention around the implementation of a unified, “One CISA” strategy. The initiative organizes our efforts around four guiding pillars:

Pillar 1: Ask more of the ICS Community, deliver more to them.

Pillar 2: Develop and utilize technology to mature collective ICS cyber defense.

Pillar 3: Build “deep data” capabilities to analyze and deliver information that the ICS community can use to disrupt the ICS cyber kill chain.

Pillar 4: Enable informed and proactive security investments by understanding and anticipating ICS risk.

The CISA ICS Strategy can be found at www.cisa.gov/ICS.
