Efforts by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) to invest in real-time information sharing capabilities are keying the Biden administration’s campaign to improve industrial control systems (ICS) cybersecurity, CISA and NSA officials said this week.
In July 2021, President Biden issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems formally announcing the government’s ICS Cybersecurity Initiative. The primary objective of the initiative is to defend U.S. critical infrastructure by encouraging and facilitating the deployment of technologies and systems that provide threat visibility, indications, detection, and warnings, and that facilitate cyber response capabilities in essential control system and operational technology networks.
“The United States relies heavily on the continuous and reliable performance of extensive and interconnected critical infrastructure sectors. And while those sectors perform a different function, they are all dependent on ICS to monitor, control, and safeguard their critical processes,” said Mark Bristow, branch chief for cyber defense coordination at CISA, during a virtual event hosted by Dragos on Feb. 14.
ICS owners and operators face threats from a host of adversaries whose intentions include gathering intelligence and disrupting national critical functions. The ICS Cybersecurity Initiative, Bristow explained, is a clear commitment to investing the right resources to protect critical infrastructures from different cyber threats.
Information sharing is an essential tool in cybersecurity and ensuring the success of the ICS Cybersecurity Initiative. However, according to Bristow, for the new initiative needed to move away from previously established information-sharing models within the Federal government that lacked the capabilities needed to coordinate and share information.
“Our adversaries are maturing, so we need to mature as well,” Bristow said. “By maturing our information sharing capabilities we will better understand adversarial tactics and predict what our adversaries will do.”
Morgan Adamski, chief for the NSA Cybersecurity Collaboration Center, also emphasized the importance of sharing relevant and real-time information. Clear, open, and real-time communication between NSA analysts and infrastructure holders ensures that information is timely and relevant, he said.
“At NSA, it has become increasingly important to ensure the sharing of timely and relevant information with ICS holders,” Adamski said. “We are only one piece of the puzzle. Infrastructure holders are the other. Open collaboration and communication ensure better protection for those ICS systems.”