As cyberthreat actors increasingly target critical infrastructure, both the federal government and private sector have key roles to play in securing essential services. Here are some of the latest joint efforts advancing this mission.
Every day, we turn on lights, run the water and charge our devices without thinking anything of it. But the reality is the vast infrastructure of operational technology (OT) that makes these things possible is increasingly exposed to serious cyberthreats. Bad actors and foreign state actors know how much we rely on our critical infrastructure and are happy to exploit that reliance.
Across the cyber industry, there’s a heightened focus on OT security, including here at Tenable, where we’re making important strides. But the private sector can’t do this alone – the federal government has an important role to play too, and it will take a collaborative, whole-of-government partnership with industry to effectively secure the nation’s OT.
Breaking down silos within the federal government
Put simply, OT cybersecurity is too important to be managed in silos. Cross-agency collaboration in the federal government and with industry can help improve vulnerability management by sharing actionable information between agencies, limiting duplicative efforts and improving results. Recently, the Departments of Homeland Security (DHS), Energy (DOE) and Defense (DOD) extended their joint effort to develop common cyberthreat indicators and defense capabilities to protect critical infrastructure in the energy sector, allowing them to share threat information, better patch vulnerabilities and more. This is good progress, as doing so will help all three agencies improve their cyber capabilities without duplicating efforts.
The role of the private sector
The federal government has an important role to play in OT security, and they’re headed in the right direction. But we can take this even further. The private sector brings forth an incredible amount of expertise, innovation and research that’s critical to solving this problem. Just like we can’t do it without our partners in government, they can’t secure the nation’s critical infrastructure without us.
Just this month, the National Institute for Standards and Technology’s (NIST) National Cybersecurity Center for Excellence (NCCoE) announced a project with ten private sector companies, including Tenable, to develop a practical solution, aligned with the NIST Cybersecurity Framework, to help manufacturers protect their industrial control systems (ICS) from cyberattacks. The result of the project – a freely available guide for companies and organizations to leverage – is exactly the type of public-private partnership we need to solve some of our greatest OT challenges.
There are also other programs already in place that should be expanded upon, like the ICT Supply Chain Risk Management Task Force, which brings together industry leaders to work with CISA on important supply chain issues. Further, the IT Sector Coordinating Council (IT-SCC) coordinates with the Department of Homeland Security and the federal government on critical infrastructure protection and cybersecurity issues. Linking the Task Force’s OT expertise and the IT-SCC’s cybersecurity recommendations and guidance with initiatives like the Control Systems Interagency Working Group (CSIWG) Executive Engagement Forum (EEF) would go a long way in promoting advanced OT security.
At Tenable, we’re proud to work with our government partners on important cybersecurity issues every day, and we look forward to helping improve cross-functional collaboration for OT security to help keep the nation’s critical infrastructure running.