Understanding How the U.S. National Cybersecurity Strategy Impacts Your Business
Protecting Critical Infrastructure
The U.S. National Cybersecurity Strategy sets out a comprehensive cybersecurity plan consisting of five pillars:
- Defend critical infrastructure;
- Disrupt and dismantle threat actors;
- Shape market forces to drive security and resilience;
- Invest in a resilient future;
- Forge international partnerships to pursue shared goals.
Although the strategy is not precise in terms of how the goals will be accomplished, it is a clear indicator that cybersecurity is a critical concern at the highest level. Technology is being treated as a component of critical infrastructure, which means the importance of protecting technology has been elevated. And minimum cybersecurity requirements will apply across industries because of the close relationship between government operations and private providers.
The U.S. government is looking to companies to increase cybersecurity vigilance and to develop processes that decrease the likelihood of an incident, as well as improved ability to recover should one occur.
Taking the Lead
A group of private companies, including ABS Group, has taken the initiative to help improve cooperation between the public and private sectors by setting up a platform for sharing data that will help the OT community rapidly identify, assess, and respond to potential and emerging threats.
ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries, will function like a hotline that correlates information from many security vendors to identify anomalous behaviors. The objective is to use this platform to help strengthen cybersecurity defenses across industries and ensure more effective government communication and support. In the hope of increasing participation, the founding companies have extended membership to any individual, organization, or security vendor that wants to be part of this coalition.
Although ETHOS is only one of many initiatives that will be needed to address cybersecurity concerns, its success should mean fewer asset owners becoming victims of preventable cyberattacks as a result of sharing actionable indicators to help create a broader view of the non-theoretical threat landscape.
As large-scale efforts like ETHOS progress, organizations should also to focus on bolstering their internal cybersecurity programs.
Establishing a Framework for Success
The National Cybersecurity Strategy is the first step in setting general expectations to protect the nation’s critical infrastructure, and as it matures, more specific requirements will be defined. As the Strategy evolves, your organization should create a process that allows it to continually assess its current cybersecurity program, identify vulnerabilities, and quickly implement solutions.
A good way to begin is to initiate an evaluation and review of your OT cybersecurity program that follows the five foundational elements of the National Institute of Standards and Technology (NIST), IEC 62443 and ISA99:
- Identify and prioritize organizational assets and assess the potential impact of a cybersecurity event on those assets.
- Protect organizational assets by implementing security controls that reduce the likelihood and/or impact of a cybersecurity event.
- Define and detect cybersecurity events as they occur.
- Respond to cybersecurity events in a timely and effective manner to minimize damage.
- Recover from cybersecurity events in a timely and effective manner to restore operations.
Following a risk-based approach to developing a cybersecurity plan can better position your organization for future implementation once the U.S. government develops more detailed guidelines for implementing the National Cybersecurity Strategy. With the risks identified and the processes established for resolving them, you’ll have a framework that you can use to meet prescriptive requirements when they are announced.
Implementing for the Present and Preparing for the Future
The National Cybersecurity Strategy is not yet detailed for implementation, but that does not prevent you from working to create or improve on your organization’s OT cybersecurity plan.
Our team of experts at SWOT24™, Operational Technology (OT) Cybersecurity by ABS Group, can help you set up processes that allow you to implement a cybersecurity program and improve and update it as the threat environment and federal requirements change.
We help you assess your architectural defense and establish a means of securing the perimeter and controlling access, evaluate your visibility into the IT and OT environment and your ability to monitor it, and assess your vulnerability management program and incident response plan.
Together, we can strengthen your cyber defenses, and collectively, we can improve cybersecurity for critical infrastructure in the United States and around the world.
We're the Experts
SWOT24™, OT Cybersecurity by ABS Group, provides a comprehensive portfolio of OT cybersecurity consulting, implementation and risk management services. We help organizations, like yours, identify and mitigate critical cyber threats in real-time. We focus on stopping the bad guys so you can focus on what really matters: Your Operations.