Do you speak CISA?

Cybersecurity is a growing concern in our nation. So much so that the Department of Homeland Security has an entire division devoted to cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA). CISA was created to reduce cybersecurity and Critical Infrastructure vulnerabilities in the U.S. The organization works with businesses, communities and governments to bolster the country’s defenses in key sectors, making them more resilient to cyber and physical threats.

The Cybersecurity and Infrastructure Security Agency (CISA) defines Critical Infrastructure as the essential systems and services that are the foundation of American society. They are so vital to our country that if incapacitated or destroyed, there would be disastrous consequences for public health, safety, and economic security.

Our Critical Infrastructure includes highways, connecting bridges and tunnels, railways, utilities like water and electricity, food supply, healthcare infrastructure, buildings and related services, according to the Department of Homeland Security (DHS). Our economic survival and daily lives rely on these vital systems.

In 2021, President Biden signed an Executive Order with the goal of improving and modernizing our nation’s cybersecurity posture, especially in Critical Infrastructure industries.

Both public and private sector entities are facing alarmingly sophisticated and malicious cyber activity along with a vast increase in less complex attacks like phishing which also can be crippling if not detected.

The Executive Order is expected to strengthen our cybersecurity for our critical infrastructure by doing the following:

• Requiring providers to share breach information that could impact Government networks.
• Establishing a Cybersecurity Safety Review Board to analyze cyber incidents and make concrete recommendations for improvement.
• Creating a standardized playbook for cyber incident response so federal departments can take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.

Analyst firm ARC Advisory Group recently reviewed requirements for securing critical OT systems. Their subsequent report included the following core recommendations for industrial companies:

• Review OT cybersecurity strategies to confirm that the basics are covered and deliver confidence that your organization can address sophisticated attacks. How frequently are installed base inventories assessed, for example? What detection, mitigation and backup/recovery systems are designed?
• Is cyber awareness training provided to all employees? What physical or product security steps have been implemented at the controller and device levels?
• Confirm that digital transformation efforts include adequate security from the start to reduce risks related to Internet of Things (IoT) devices, cloud services, remote workers, supply chains and third-party systems. Consider third parties to fill gaps in cybersecurity expertise. Cybersecurity talent is in notoriously short supply worldwide. It’s imperative to deploy effective infrastructure security solutions quickly and accurately and consulting firms with this expertise can provide expertise, saving an enormous amount of wasted effort and cost.

Cybersecurity gaps in Critical Infrastructure industries must be closed and many public and private organizations must address these issues with urgency.

Congress passed a bipartisan $1 trillion infrastructure bill in November 2021. Part of the infrastructure bill will provide funding to CISA and other agencies. All funding will be used for services and grants that help protect the country's Critical Infrastructure services, including at state and local government levels.

To be eligible for a grant, a cybersecurity plan must be submitted to the DHS for review, detailing technical capabilities and protocols for detecting and responding to cyberattacks. The plan would be required to meet certain baseline standards. (More information will be provided when published). Rockwell Automation’s cybersecurity assessment and planning protocols, based on the NIST framework for effective cybersecurity with categories of Identify, Protect, Detect, Respond and Recover, would be a logical way to begin.

Rockwell Automation is committed to assisting Critical Infrastructure industries in achieving grant funding through the Infrastructure Investment and Jobs Act. Learn more about steps you can take today to be ready to apply.