Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

An Infrastructure Plan in the 21st Century Needs to Address Cybersecurity

U.S. President Trump is expected to discuss his long-awaited infrastructure plan in tonight’s State of the Union address, but we should not expect full details for a few more weeks. The focus on upgrading our roads, bridges, tunnels and other physical infrastructure is welcome. But we need to do more than address these weak brick-and-mortar foundations. A real 21st century infrastructure plan needs to integrate digital infrastructure into physical upgrades and invest in innovative technologies that will keep America globally competitive and secure.

Today, it’s just a fact that the technology which makes things like education and healthcare more accessible to more Americans – the rise of cloud, mobile and IoT – also makes us more vulnerable to cyberattacks. The stakes could not be greater, particularly when it comes to our critical infrastructure.

Cyberattacks on critical infrastructure are rising

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) recently detected coordinated efforts by malicious actors to compromise our critical infrastructure, including those organizations involved in government, aviation, power production, energy production and critical manufacturing sectors. Further, the U.S. Department of Energy reported last year that America’s electricity infrastructure was in “imminent danger” from cyberattacks that are “growing more frequent and sophisticated.”

It’s no surprise that cyberattacks on critical infrastructure are rising. Organizations in the sector are high-value targets because they’re weakly defended systems that, if hacked, could help disrupt a network of utilities or oil and gas companies, potentially cutting off essential public services such as electricity, gas and water. 

Ensuring security of critical infrastructure requires collaboration 

So, how can the federal government ensure the security of critical infrastructure in the implementation of a broader infrastructure plan?

For starters, government regulators need to work with industry to develop standards. For example, the Federal Regulatory Commission (FERC) proposed new rules to protect the power grid from cyberattacks and the U.S. Department of Commerce is expected to issue an update to its cybersecurity framework for critical infrastructure early this year. These are both laudable steps.

But, in an environment where attacks are probable more than possible, early detection is key. Every organization needs to proactively develop the tools and capability to rapidly respond and recover in the event of a breach or attack. That’s why Tenable recently began a partnership with global energy leader Siemens to help operators of critical infrastructure continuously monitor both their traditional IT environment and Industrial Control Systems (ICS) environment for indicators of compromise, proper configuration, the presence of vulnerabilities and changes of state to the endpoints.

The public and private sectors also need to work together to assess the security of critical infrastructure sectors and develop a risk-based approach to address it, similar to the widely successful NIST Cybersecurity Framework. More broadly, we need tech advocates in Congress like Reps. Will Hurd and Gerry Connolly to play a leading role in ensuring the latest technology and security solutions are seeded into proposals for new construction and upgrades.

Smart infrastructure investments must address digital infrastructure, too

The bottom line? If America is going to invest $1 trillion in our infrastructure, it must include significant investments in digital infrastructure, so that we can take advantage of new innovations which will save lives, boost our economy and protect against the cybersecurity threats posed by a more connected society.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.