Chapter 3 – Ramping Up Critical Infrastructure Protection

Cybersecurity has become a hot topic in Washington. Since taking office, President Joe Biden has announced a series of efforts to strengthen the nation’s critical infrastructure systems (CIS) and address cybersecurity threats that are growing in scope and sophistication.

Headlines about companies – including the U.S. largest pipeline – paying ransoms to regain access to their systems have become increasingly common.

“Cyberattacks against critical infrastructure and operational environments are at an all-time high. Everyone is just waiting for the next big one to hit.”

Matt Hubbard, Senior Technical Product Marketing Manager at Armis

What is Considered Critical Infrastructure?

The Cybersecurity & Infrastructure Security Agency (CISA) lists 16 critical infrastructure sectors, including government facilities, financial services, transportation, communications, and healthcare.

Highways, bridges, railways, water systems, electric grids, hospitals, agriculture, and manufacturing are all considered critical infrastructures because they are essential to ensure the effective functioning of the economy and prosperity of the nation.

Cyberattacks on Critical Infrastructure are on the Rise

Nation-state cyberattacks against critical infrastructure have become widespread across the globe. For example, the Microsoft Exchange and SolarWinds hacks have been attributed to groups in China and Russia, respectively. These two massive attacks compromised corporations and government agencies.

According to an academic study sponsored by HP, nation-state attacks have doubled between 2017 and 2020. This research indicates that enterprises are the most common target, but government entities and critical infrastructure are vulnerable too.

Threats against CIS can have devastating consequences, from financial losses and product shortages to public health concerns. For example, earlier this year, a hacker tried to poison the water supply in Oldsmar, Florida.

White House Pushes Cybersecurity Initiatives

Growing concerns about cyberattacks are driving a series of initiatives by the federal government. The Biden Administration has often reiterated the role of cybersecurity as a national and economic security imperative.

Federal Government Modernization

President Biden signed an Executive Order in May to improve federal government networks. The new directive seeks to:

• Remove contractual barriers in order to enable improved communication sharing between IT service providers and the government.
• Modernize government infrastructure, migrating to secure cloud technologies.
• Implement stronger cybersecurity standards, such as the Zero Trust framework, multi-factor authentication, and encryption.
• Set standards for the development of software sold to the government.
• Establish a Cybersecurity Safety Review Board, which would meet to review major incidents and learn from past mistakes.
• Create a standard playbook for responding to vulnerabilities and incidents, ensuring that agencies are prepared to identify and mitigate threats.
• Enable a government-wide endpoint detection and response initiative for proactive identification and remediation of incidents.
• Create requirements for logging events as a way to enhance investigative and remediation capabilities.

Bipartisan Infrastructure Bill

The White House considers cybersecurity one of the top 10 programs in the Bipartisan Infrastructure Investments and Jobs Act. This trillion-dollar legislation includes $550 billion in new federal investment in infrastructure to boost the U.S. economy and create jobs. It’s part of the funding package:

• $65 billion for high-speed internet
• $65 billion for the power infrastructure
• $110 billion for roads, bridges, and major projects
• $108 billion for ports, airports, and rail infrastructure
• $55 billion for clean drinking water

In addition, $2 billion will be directed to cybersecurity initiatives aiming to:

• Modernize and secure federal, state, and local government IT systems and networks.
• Safeguard utilities and other critical infrastructure from cyberattacks.
• Help private and public organizations dealing with cyber incidents.

National Security Memorandum

Protecting the government’s digital assets is an important step, but not enough to minimize national security threats. It’s the private sector that owns and operates much of the United States’ critical infrastructure. That’s why President Biden issued a National Security Memorandum to establish the Industrial Control Systems Cybersecurity Initiative.

The new policy directs federal agencies to develop cybersecurity performance goals to assist organizations that provide essential services. An example has been the Department of Energy (DOE)’s 100-day plan to improve the cybersecurity of the nation’s electric grid. More recently, the Department of Homeland Security’s Transportation Security Administration announced that critical pipeline owners and operators would have to:

• Report cybersecurity incidents.
• Designate a Cybersecurity Coordinator.
• Conduct a review of their current cybersecurity practices.

Partnerships with the Private Sector

The White House has also announced partnerships with the private sector to drive cybersecurity awareness and improvements.

For example, Code.org will teach cybersecurity concepts to more than 3 million students over three years. Companies including Google, Microsoft, Apple, Amazon and IBM have all made commitments to this initiative.

Federal Zero Trust Strategy

Following up on the executive order on cybersecurity, the Office of Management and Budget (OMB) and the CISA have released a draft memo seeking public feedback on initiatives to move the federal government toward a Zero Trust architecture.

Zero Trust is a security model initially introduced by Forrester. The principle is that users and devices cannot be trusted by default and have to be continuously verified and monitored to maintain their network access.

As part of the Federal Zero Trust Strategy, agencies will be required to achieve certain milestones by the end of the fiscal year 2024. The U.S. government’s strategy supports:

• Strong identity verification practices
• Encryption and application testing (rather than perimeter security)
• Device and resources inventory and management
• AI-driven automation of security actions
• Use of secure cloud-based infrastructure and services

The Challenges of Protecting Critical Infrastructure

With the White House stepping up its cybersecurity efforts, there is also a call for business leaders to do the same.

A roadmap to increased infrastructure cybersecurity starts with the understanding that traditional security tools cannot protect those environments. ICS and operational technology (OT) devices are unmanaged. Also unmanaged are the Internet of Things (IoT) devices that have proliferated across all industries. Examples include printers, smart TVs, wireless inventory trackers, security cameras, and smartphones.

Unmanaged devices can process and transmit information but lack strong built-in security and cannot accommodate security agents. According to a 2019 Forrester Consulting study commissioned by Armis, 66% of manufacturing firms had encountered a security incident related to unmanaged and IoT devices.

Shield Your Cyber Defenses with Armis

The Armis platform begins discovering, classifying, and rating risk for all devices across your environment in real-time immediately upon installation. With this comprehensive inventory of devices and risks, security professionals can more effectively prioritize their efforts to reduce their attack surface proactively while improving their compliance and business continuity postures.

On an ongoing basis, the Armis platform helps identify and stop attacks across your organizations. The solution can provide detection and response, orchestrating automatic alerts and even security and policy enforcement.

With Armis, organizations can also implement the Zero Trust architecture – one of the best practices advanced by the White House.

Do Your Part Too. Armis is Here to Help

Take the first step to reinforce your cybersecurity defenses against cyberattacks. Book a demo with Armis and discover how our agentless platform can help you to secure critical infrastructure and operational environments.

Review IT OT Convergence Playbook Chapters:

1. Chapter 1 – IT/OT Convergence: Industry 4.0 Security Challenges
2. Chapter 2 – Is Perdue Model Obsolete? Air Gap Dissolved
3. Chapter 3 – The Urge for Infrastructure Protection 👈 you are here
4. Chapter 4 – Monitoring and Protecting Industrial Environments 👉 read next chapter
5. Chapter 5 – Network Visibility: Discover All Assets
6. Chapter 6 – Operational Downtime and Passive Monitoring
7. Chapter 7 – How to Secure Industrial Assets
8. Chapter 8 – Security Risk Assessment for ICS environments
9. Chapter 9 – Best Security Frameworks to Protect OT networks
10. Chapter 10 – ICS Zero Trust Security Framework
11. Chapter 11 – Armis Approach to CIS controls
12. Chapter 12 – ICS and Mitre Att&ck
13. Chapter 13 – 2021 Ransomware Attacks
14. Chapter 14 – Best Practices for IT/OT Convergence