OT Experts Address Cybersecurity And Infrastructure Protection Subcommittee
Yesterday, the House Homeland Security Committee held a hearing, "Securing Operational Technology: A Deep Dive into the Water Sector," before the Subcommittee on Cybersecurity and Infrastructure Protection that focused on securing US water systems from cyberattacks.
ICS and OT security specialists from MITRE and Dragos addressed members of the Subcommittee regarding what many water facility operators and defenders may be lacking in terms of technology, staff, and funding, and what operators can do to raise the level of security.
The witnesses emphasized the differences between IT and OT networks and the challenges of defending the latter, especially on limited budgets.
“Only two to three percent of vulnerabilities even matter to OT operators. If you steal from IT, you steal people’s data. If you target OT, you can kill people,” said Robert M. Lee, CEO of Dragos.
To address the weaknesses in utilities and other CI environments, CISA and other agencies should expand their OT-specific cybersecurity expertise, establish baseline security requirements for OT networks, and create uniform incident reporting standards, all in an effort to reduce the burden on operators, Lee, Clancy, and the other witnesses suggested.
“There is a considerable opportunity for EPA to step up, CISA and FBI to systematically engage across, and the network of security vendors to make it easier for everyone to coordinate. But these modest reforms should be kept in context with the scale of the threat, and the limited amount of resources available to critical infrastructure operators, particularly in the water sector,” said Charles Clancy, senior vice president and general manager of MITRE Labs.
Mark Cooper, President & Founder, PKI Solutions:
“The role of critical infrastructure and use of OT segmentation has been a foundational approach to protecting vital infrastructure. However, the evolving cybersecurity threat, shrinking expertise, and staffing issues represent a new threat. The use of automation and intelligence tools to directly address the cyber threat and augment available skills and staffing is the only option to ensure future resilience.”
Critical infrastructure is just that. Critical. There needs to be a concerted, cross-agency effort to make sure that this infrastructure is protected before it costs lives.
This entry was posted on February 8, 2024 at 8:29 am and is filed under Commentary with tags Security.