The Department of Energy (DOE) engaged in conversations with industry partners in order to advance the cybersecurity of industrial control systems in the nation’s critical infrastructure, including power utilities and pipelines, according to FedScoop and E&E News.
“Private entities and key agencies formed a consortium over concerns industrial control systems (ICS) are increasingly being targeted by nation-states, hacktivists and advanced persistent threats, but such incidents aren’t being discussed,” FedScoop reported.
Since meetings took place over a week ago, a team of industry leaders have set to work with the focus of delivering a report and key recommendations by the end of July, according to Jason Haward-Grau, CISO at PAS Global.
“The DOE’s driver is enabling a safer and more secure pipeline infrastructure, there is no expectation that the accountability will change from the TSA,” said Haward-Grau. “The EU response to both the risks and the need to protect the critical infrastructure space is becoming acknowledged as a solid mechanism for governments to build upon their varied security foundations to establish the framework for cybersecurity in the operational security arena. There are more countries (and even states in the US) looking to establish the same principles, practices that are already being deployed in the EU.”
Because nation states continue to openly demonstrate their enhanced cyber offensive capabilities, governments and private industry alike are increasingly concerned about malicious actors targeting critical infrastructure. Because of the nature and importance of ICS, they are high on the list of targets, driving the growing desire to protect it.
“Coupled with the drive toward digitization of the operational technology (OT) end points, the potential attack surface for OT is growing wider and presents a more attractive target as the opportunity to ‘play the odds’ means the defenders have to be 100% successful to keep their environments secure, whereas the attackers just need to get lucky once,” said Haward-Grau.
“There is an increasing challenge in insuring that we have the right skilled resources available to drive the improved security programs as not only is there a major shortage in IT, there is a lack in OT and the difference between OT and IT is compounding the challenge.”
Source: Infosecurity Magazine