More cyber threats mean more regulations
The Biden administration has taken several steps in the past year to safeguard US critical infrastructure from cyber threats. Following the Executive Order issued last May, the president issued National Security Memorandum (NSM) 5 on protecting critical infrastructure in July. This memorandum has expanded to address additional concerns including the electric and natural gas pipeline subsectors, rail transportation, and water infrastructure.
Our water infrastructure is especially important since it has recently been targeted with several cyberattacks—with the potential to harm Americans. In response, the Environmental Protection Agency (EPA) responded with an action plan on high-impact initiatives that can be surged within 100 days to bolster cybersecurity for our nation's water infrastructure.
Additionally, the federal government is moving forward with a zero-trust architecture (ZTA) strategy. This will require agencies to meet specific standards by the end of the Fiscal Year (FY) 2024.
Your plan to prevent cyberattacks
Effective cybersecurity measures do not simply react to an attack. They start with proper planning to ensure robust risk assessments and incident response plans are in place. Proactive planning can help prevent long-term negative operational impacts by outlining contingencies for many scenarios.
While the requirements from the Federal Government seem to be massive, an organization can complete the following 5 items to be compliant:
- Assign someone within the organization as the Cybersecurity Coordinator. This should be someone who has appropriate knowledge of the environment as well as management authority to implement sound practices, manage incidents, and serve as a principal point of contact with the federal government on cyber matters.
- Implement specific mitigation measures to protect against ransomware and other known threats to both information and operational technology systems.
- Develop and implement a cybersecurity contingency and incident response plan to reduce the risk of operational disruption.
- Complete a cybersecurity risk assessment to identify potential gaps or vulnerabilities.
- Follow up the risk assessment with an annual cybersecurity review.
Take steps to be secure, with expert help
The Federal government has provided helpful guides for organizations to start assessing their cyber risk. However, most agencies do not have the time or the cyber expertise to meet all 5 of these items.
CAI's cybersecurity team can help you meet these requirements. We have helped clients across multiple sectors comply with the 5 steps. Our cybersecurity practice has the experience you need to begin your proactive cybersecurity journey.
As an expert in cybersecurity and procuring services, CAI is aware of the time commitment and costs associated with the lengthy procurement process. Agencies can leverage several, different CAI contract vehicles for cyber services avoiding the Request for Proposal (RFP) process in its entirety.
With so many cybersecurity solutions in the market today, it can be hard to understand what you really need. We offer end-to-end cybersecurity solutions based on your needs. Contact us to start your proactive cyber journey and learn how to improve your infrastructure system defenses.