Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity

The mission of the Cybersecurity and Infrastructure Security Agency is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day.
CISA is not responsible for setting and articulating your organization's cybersecurity policies, controls, and mitigations.
Experts recently reflected on the CISA 2024-2026 strategic plan, asking if intended risk reduction efforts are measurable and impactful, and if implementing the plan's Cyber Performance Goals reduce cyber-risk to critical infrastructure.
We need to better understand the national inventory of operational critical components and how to defend them based on an effects-based, rather than a means-based, approach to protecting critical infrastructure.
Threading the tapestry of risk across critical infrastructure requires a more granular and purposeful model than current approaches deliver.
If the underlying effort from ONCD's national cybersecurity strategy is the development of shared services to reduce costs, especially for target rich, resource poor organizations, operational technology should be a primary focus, not considered out of scope for the ongoing regulation harmonization efforts.
Sector Risk Management Agency Capacity Building In a perfect world, there would be a dedicated cybersecurity subject matter expert at the federal level for each critical infrastructure sector, either within the SRMAs or at CISA. In lieu of this reality, cybersecurity research and development encapsulates the entire supply chain - management of suppliers, enterprise incident management, the development environment, products and services, upstream supply chain, operational technology, and downstream supply chain - aligned to the CISA CPGs as a baseline.
Without contextualizing the broad problem set that is critical infrastructure cybersecurity, we risk two poor outcomes.
First, increasing the cost of compliance-based cybersecurity to the extent that small to medium-sized businesses cannot afford to meet expensive and prescriptive cybersecurity regulations.
CISA Cyber-Physical R&D Gaps Federal cybersecurity research and development has a blind spot when it comes to holistic and national understanding of operational technology and industrial control systems.
Its white paper on RD&I Needs and Strategic Actions for Resilience of Critical Infrastructure has been largely ignored in the broader federal regulatory conversation, despite its release in March 2023.
Gap 1: An integrated analysis of consequences and risk reduction decision factors for critical services that depend on cyber-physical infrastructure systems.
Need: A systemic understanding of interconnected cyber-physical infrastructure risk to critical services from the local to national scales.
Need: Common definitions, standards, and metrics for measuring effectiveness of infrastructure resilience interventions.
Gap 2: User-engagement in cyber-physical infrastructure research to translate resilience knowledge into effective action at the local and regional level.
Need: Empirical investigation of how the regulatory system may constrain or enable enhancements to the resilience of cyber-physical infrastructure.
Need: Identify the institutional conditions for effective infrastructure governance and adaptive capacity.
Onward and Upward In the meantime, baselining critical infrastructure resilience remains one of CISA's major goals for its 2024-2026 strategy.
The broader national cybersecurity strategy has three umbrella focus areas: addressing immediate threats, hardening the terrain, and driving security at scale.
A synergistic goal of the CISA CPGs is to map cybersecurity standards and controls to cybersecurity outcomes.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 06 Dec 2023 15:00:06 +0000


Cyber News related to Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity

Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity - The mission of the Cybersecurity and Infrastructure Security Agency is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. CISA is not responsible ...
1 year ago Darkreading.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
7 months ago Feeds.fortinet.com
Harmony Horizon Bridge and Lazarus APT Activities Revealed - SecurityAffairs recently shed light on a report by FireEye security researchers about the activities of the Harmony Horizon Bridge and Lazarus APTs. The report includes a new variant of the Bridge malware named “Ovorum”, as well as the TVShow ...
1 year ago Securityaffairs.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
5 months ago Techtarget.com
Is Your Organization Infected by Mobile Spyware? - The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat-mobile spyware. The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate ...
1 year ago Blog.checkpoint.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
11 months ago Securityzap.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
10 months ago Legal.thomsonreuters.com
What the cybersecurity workforce can expect in 2024 - For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study. ...
11 months ago Securityintelligence.com
Cybersecurity Training for Business Leaders - This article explores the significance of cybersecurity training for business leaders and its crucial role in establishing a secure and resilient business environment. By examining the key components of effective training programs and the ...
10 months ago Securityzap.com
The US Needs To Follow Germany's Attack-Detection Mandate - To effectively combat these threats, the US needs to adopt a comprehensive and proactive approach to cybersecurity, similar to the one taken by Germany with its IT-SiG 2.0 mandate. The IT-SiG Approach Compared With the US's Current Capabilities One ...
1 year ago Darkreading.com
Cybersecurity Curriculum Development Tips for Schools - With the constant threat of cyber attacks, schools must prioritize the development of a robust cybersecurity curriculum to equip students with the necessary skills and knowledge. This article provides valuable insights and tips for schools aiming to ...
11 months ago Securityzap.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
1 year ago Securityzap.com
Beyond Mere Compliance - Too often we continue to see executives whose approach to cybersecurity - compliance rather than protection - is strikingly similar to that of the ill-advised business owner whose minimal fire protection is designed only to meet the building code. ...
11 months ago Cyberdefensemagazine.com
African Organizations Aim to Fix Cybersecurity in 2024 - Faced with numerous cybersecurity threats and challenges, but lacking adequate cyber training, African nations hope to develop the depth of skills needed to defend against attackers in 2024. In December, for example, the University of Lagos, the ...
11 months ago Darkreading.com
Digital Learning Tools for Cybersecurity Education - In the field of cybersecurity education, digital learning tools have become indispensable. This article explores various digital learning tools tailored specifically to cybersecurity education. These digital learning tools play a crucial role in ...
11 months ago Securityzap.com
Key cybersecurity skills gap statistics you should be aware of - As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in ...
11 months ago Helpnetsecurity.com
Gamification in Cybersecurity Education - Gamification has become increasingly prevalent in numerous domains, including cybersecurity education. Gamification presents a promising approach to meet this challenge, making cybersecurity education both effective and enjoyable. One way to ...
11 months ago Securityzap.com
Cybersecurity Curriculum Development Tips - In this article, we will explore essential tips for developing a comprehensive and up-to-date cybersecurity curriculum. By staying abreast of the latest industry trends, educational program developers can ensure that their curriculum remains relevant ...
11 months ago Securityzap.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
11 months ago Darkreading.com
Cybersecurity is a Team Sport - Good security hygiene needs to be a fundamental part of company culture, and leadership should make it clear that proper security practices are part of achieving business objectives. Infusing security and operational resilience throughout the ...
1 year ago Darkreading.com
Roundup: Federal action that shaped cybersecurity in 2023 - As 2023 draws to a close, it's time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level. These ...
11 months ago Securityintelligence.com
How to Avoid Falling Below the Cybersecurity Poverty Line - The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy ...
1 year ago Csoonline.com
Cybersecurity Workshops for Students - Cybersecurity workshops for students serve as an effective means to educate and empower the younger generation in protecting their digital assets. With proper planning and organization, cybersecurity workshops enable students to navigate the digital ...
11 months ago Securityzap.com
Developing Cybersecurity Awareness Programs for Schools - Schools are increasingly becoming targets for cyberattacks, necessitating the development of robust cybersecurity awareness programs. Ultimately, a comprehensive cybersecurity awareness program is essential for schools to mitigate risks, enhance ...
11 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)