President Joe Biden signed a National Security Memorandum last week that establishes a new Industrial Control Systems Cybersecurity Initiative to develop a voluntary set of standards for the nation’s critical infrastructure owners and operators.
“The primary objective of this Initiative is to defend the United States’ critical infrastructure by encouraging and facilitating deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks,” the memorandum states.
The initiative began with a pilot effort with the Electricity Subsector and is now being followed by a similar effort for natural gas pipelines. Efforts for the Water and Wastewater Sector Systems and Chemical Sector are planned for later this year.
Under the new initiative, the Department of Homeland Security will issue preliminary goals for control systems across critical infrastructure sectors no later than September 22, 2021, followed by the issuance of final cross-sector control system goals next year. The Memorandum also leaves open the possibility of issuing new legal and regulatory authorities.
Critical infrastructure operators will play a central role in the development of any voluntary standards that come out of this latest initiative. In the wake of recent cyberattacks impacting ICS networks of some of the world’s most important companies – such as Colonial Pipeline and JBS – it is absolutely necessary that critical infrastructure companies adopt cyber risk quantification so they can assess the financial impact of events, rank them in priority against one another, and communicate the potential risk to the organization in order to gain buy-in for security strategy and the investments needed to improve security.
Join ThreatConnect and Yokogawa, a leading provider of Industrial Automation and Test and Measurement solutions, on August 18 to learn more about the implications of the forthcoming cybersecurity standards and how cyber risk quantification can help you develop a more effective risk-led industrial security program.
The Industrial Cyber Risk Quantification Workshop will address a wide range of topics, including:
- The rapidly changing threat landscape for ICS and critical infrastructures
- The key cybersecurity business challenges that directly impact your ability to focus on the most important cyber risks
- The implications of the security standards forthcoming from DHS
- Why ICS environments need to begin quantifying cyber risk and how automated Cyber Risk Quantification makes it possible in a matter of weeks, rather than months or years
- How automated CRQ and Cyber Risk Board Reporting can help you add cyber to the realm of enterprise risk management and change the way you prioritize, focus, and gain business buy-in for your cybersecurity strategies