When container shipping company Maersk was hit by a cyberattack in 2017, it cost the company about $300 million, disrupted operations for two weeks, and temporarily closed the largest cargo terminal at the Port of Los Angeles. While this wasn’t the only attack on operational technology (OT) in the last decade, the federal government’s reliance on OT has become increasingly vulnerable as infrastructure evolves toward more of the Internet.
It may have served as a wake-up call to the institution. base system. Since the Maersk attacks, authorities have turned their attention to this and put in place standards and processes to keep the private sector safe.
At a recent meeting of the House Committee on Homeland Security, OT experts acknowledged that vulnerabilities still exist and that there is still no solid timeline for resolving the issue. Covering industrial plant control systems and numerous operating systems such as dams, harbors, fire control systems, building management systems, OT presents a unique cybersecurity challenge. In contrast to building cyber defenses in the ever-modern world of information technology, OT often relies on aging infrastructure.
Eric Goldstein, Department of Homeland Security Cybersecurity and Infrastructure His Security His Agency Cybersecurity Executive Assistant His Director, said at the hearing:
“The group is currently working on a cyber response plan focused on improving the efficiency, effectiveness and speed of sharing threat and vulnerability information across this broad ecosystem,” he said. CISA already had a joint cybersecurity defense working group, but the addition of vendors in the industrial controls sector brings the necessary level of expertise to OT.
Goldstein said CISA formed a joint Cyber security Defense Collaborative Industrial Control Systems (JCDC-ICS) group last April to address his OT concerns. Members of the group include manufacturers, integrators, security his vendors, operators and device manufacturers.
Those private sector partners included GE, Honeywell, Nozomi Networks, Schneider Electric, Schweitzer Engineering Laboratories and Siemens, according to his April release from CISA.
In conjunction with CISA’s efforts to expand support for OT cybersecurity, the National Institute of Standards and Technology has released the first public draft of guidance on operational technology (OT) security. This guide addresses OT threats and vulnerabilities and updates recommended security practices and risk management.
At a committee hearing, Vergle Gipson, a senior adviser to the Department of Energy’s Cyber Core Integration Center at the Idaho National Laboratory, said OT is more difficult to protect against attacks than IT because of its evolution. I said it is possible.