The bipartite infrastructure framework cannot forget about cybersecurity
Cyber security is one of our most critical challenges, ranging from the safety and security of personal devices to the power grid. Keeping cyber defense at the heart of infrastructure modernization programs is essential to ensure that our country’s information remains safe from potential hackers. However, a recent Audit conducted by the Inspector General of the Department of Defense revealed that the DoD and the Department of Homeland Security could improve their implementation of key elements of a 2018 memorandum outlining the cybersecurity partnership between the two organizations, jeopardizing the critical infrastructure of our country. The opportunity for the DoD and DHS to establish a cyber defense implementation plan in conjunction with the Biden administration’s investment in cybersecurity initiatives across the Bipartite infrastructure framework and American employment plan demonstrates to what extent technological modernization and digital transformation programs are a priority for this administration. As the Biden administration rolls out these programs, cyber defense must be at the heart and perimeter of all modernization initiatives.
that of the White House National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems is a welcome call to action for owners and operators of critical infrastructure to better protect the essential services that enable the American way of life. In practice, however, cybersecurity measures focus only on Information Technology-0 and do not take into account the limitations of operational technology (TO). OT is large and, if not properly secured, can be the gateway to other networks and / or points of failure that can lead to disastrous results. Indeed, a recent report Discovered 14 vulnerabilities affecting NicheStack, a proprietary TCP / IP stack commonly found in OT devices in several critical infrastructure areas. Vulnerabilities such as NicheStack illustrate the importance of recognizing that IT and OT environments converge and thus create an urgent need to secure these converged networks. According to the recent National Security Agency report cybersecurity consulting, “Without direct action to strengthen OT networks and control systems against vulnerabilities introduced by intrusions into computer and business networks, owners and operators of OT systems will remain at untenable levels of risk.” ”Accordingly, to be eligible for grants, the American Jobs Plan has specifically requires state and local governments to install technology that detects and blocks malicious cyber activity on computer and OT networks. This is a great example of using cybersecurity to protect all high-risk entry points.
Adopting a zero trust model is also imperative to creating a comprehensive and modern cybersecurity program. When adopting a zero trust model, it is assumed that not all devices are trustworthy and thus implements mitigation actions such as dynamic network segmentation. However, a historical challenge to this approach has been the lack of a single product that can achieve network segmentation across an entire enterprise, one that includes both IT and OT assets, resulting in fragmented environments that are expensive to maintain and inefficient in providing security. protections he needs. The US Jobs Plan and Biparty Infrastructure Framework must emphasize to public and private industries that a zero-trust cybersecurity model is essential to cyber defense and implement network segmentation in all environments.
Finally, with the widespread adoption of cloud-based technologies and cloud computing, cloud security has never been more important. The US bailout has allocated $ 1 billion for the Technology Modernization Fund to facilitate the transition to secure cloud infrastructure. Federal agencies will need to ensure that information is protected and secure during this relocation. Integrating new tools into existing networks and workflows is complex regardless of the environment, but there are similarities between security principles and the processes used to secure both campus and cloud environments. This means that to maintain cloud security, federal agencies must break down security management silos between campus and cloud information.
With the American Jobs Plan and the Bipartisan Infrastructure Framework, the White House is on track to modernize technology with cybersecurity at its heart. However, further guidance is still needed to ensure that recipients of these funds prioritize cybersecurity when implementing modernization programs in their organizations. As cyber attacks continue to affect our nation’s most valuable information and resources, it is essential that cyber defense systems remain a priority for all Americans.
Yejin Jang is Director of Government Affairs at Forescout Technologies, Inc.