US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection
By Eduard Kovacs on December 05, 2022
The US Government Accountability Office (GAO) has urged several federal agencies to conduct cybersecurity-related assessments in an effort to improve the security of certain critical infrastructure sectors.
The GAO pointed out that the DHS, CISA and NIST have issued guidance, alerts, advisories, and other resources in an effort to help federal and private entities manage the cybersecurity risks associated with internet-of-things (IoT) and operational technology (OT) systems.
While steps have been taken to protect critical infrastructure against cyberattacks, GAO believes more needs to be done by certain agencies.
The US Energy Department has initiatives focusing on OT cybersecurity monitoring technologies and cybersecurity for OT environments. The Department of Health and Human Services provides pre-market and post-market cybersecurity management guidance for medical device manufacturers. The DHS and the Transportation Department’s initiatives include a surface transportation cybersecurity toolkit and a directive on enhancing rail cybersecurity.
These agencies have a leading role in protecting the energy, healthcare, and transportation critical infrastructure sectors against cyberattacks, and the aforementioned initiatives show their commitment to achieving their goals.
However, the GAO is displeased with the fact that none of the three agencies have developed metrics to assess the effectiveness of these initiatives. In addition, they have not conducted IoT and OT cybersecurity risk assessments for the sector as a whole, which prevents them from determining what other protections might be needed.
“Lead agency officials noted difficulty assessing program effectiveness when relying on voluntary information from sector entities. Nevertheless, without attempts to measure effectiveness and assess risks of IoT and OT, the success of initiatives intended to mitigate risks is unknown,” the GAO said.
The GAO has made a series of eight recommendations to the four agencies in charge of the energy, healthcare, and transportation sectors, focusing on the need to establish and use metrics for assessing the effectiveness of IoT/OT cybersecurity efforts, and evaluating cybersecurity risks.
“The Departments of Homeland Security and Transportation concurred with the recommendations while Energy said it would not respond to the recommendations until after further coordination with other agencies. Health and Human Services neither agreed nor disagreed with the recommendations but noted planned actions. Specifically, the department said it planned to update its sector-specific plan but asserted that it cannot compel adoption of the plan in the private sector,” the GAO reported.
The agency pointed out that the IoT Cybersecurity Improvement Act of 2020 prohibits government organizations from buying or using IoT devices that are not compliant with NIST security standards after December 4, 2022. However, the Office of Management and Budget (OMB) had failed to develop a standardized process for waiving this prohibition by November 22, when GAO finished up its report. The GAO is concerned that this could lead to inconsistent actions being taken across agencies.