Blog Editor’s Note: The recent INFRAGARD newsletter informed us that the President declared November as “Critical Infrastructure Security and Resilience Month,” and that this was “Interdependencies of Cyber and Physical Infrastructure Week.”

If you are like us, you are having trouble sitting still to read this because of all the excitement.

Seriously, it is good to know that folks in the government are thinking about these kinds of things and are encouraging others to do so as well. But “thinking about” is a far cry from taking the actions needed to make our nation safer. 

DHS justifies its passive leadership by pointing out that almost all the nation’s critical infrastructure is in private or state government hands. Yes, this is America and that is how we operate. Yet the federal government has long been proactive in ensuring aviation, maritime, road transport, and private forays into space are conducted safely and in the nation’s interest. That’s because the implications of failure in any of these areas are often disastrous and have the potential to damage the nation as a whole. The same is true with most critical infrastructure – that’s why it’s critical.

Words, words, words. They quickly lose their meaning unless they are making a difference in how people act.

From InfraGardNCR E-Newsletter: November 7, 2018:

Critical Infrastructure Security and Resilience Month Week 1: Interdependencies of Cyber and Physical Infrastructure

The interconnectedness of the physical and cyber realms is not a new challenge.  In fact, with the continually growing Internet of Things, the networked enablement of everyday business functions has forced enterprises to embrace the fact that physical security and cybersecurity must be treated in a unified manner.  But why haven’t companies been able to converge? The problem has been the actual implementation of a converged security solution. Because physical and logical security systems have had little in common on any level, integrating them was seen as a costly and complex proposition. Yet, that’s changed. While some enterprises might not consider their access control or HVAC data a high-risk asset, hackers are often looking for the path of least resistance into your system and to higher-value physical prizes. That path can easily be through security technology. Traditional “physical” devices such as HVAC, lights, video surveillance, ID cards, biometrics, access control systems and more that are now IP-enabled create an entirely new set of vulnerabilities that bad actors will exploit to access a company’s network to steal business or customer information or disrupt the company’s physical infrastructure (gates, elevators, cameras) to gain physical access.

So how does this apply to critical infrastructure?  The following is from Goal 4.1: Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks and Other Hazards:  The “cyber-physical convergence” has changed the risks to critical infrastructure in sectors ranging from energy and transportation to agriculture and healthcare. DHS coordinates with its private sector partners as well as with state, local, tribal, and territorial governments to share information and intelligence regarding cyber threats and vulnerabilities, foster development of trustworthy products and services, and encourage the adoption of best-in-class cybersecurity practices.  In order to continue to strengthen the security and resilience of critical infrastructure against cyber and physical threats, DHS has implemented the following strategies:

  • Enhance the exchange of information and intelligence on risks to critical infrastructure and develop real-time situational awareness capabilities that ensure machine and human interpretation and visualization by increasing the volume, timeliness and quality of cyber threat reporting shared with the private sector and state, local, tribal, and territorial partners, and enabling the National Cybersecurity and Communications Integration Center to receive information at “machine speed” by enabling networks to be more self-healing, using mathematics and analytics to mimic restorative processes that occur biologically.
  • Partner with critical infrastructure owners and operators to ensure the delivery of essential services and functions by building effective partnerships to set a national focus and determine collective actions, providing assistance to local and regional partners, and leveraging incentives to advance security and resilience, as described in the National Infrastructure Protection Plan: Partnering for Security and Resilience.
  • Identify and understand interdependencies and cascading impacts among critical systems by leveraging regional risk assessment programs, organization-specific assessment, asset and network-specific assessment, and cross-sector risk assessments.
  • Collaborate with agencies and the private sector to identify and develop effective cybersecurity policies and best practices through voluntary collaboration with private sector owners and operators (including their partner associations, vendors, and others) and government entity counterparts.
  • Reduce vulnerabilities and promote resilient critical infrastructure design by identifying and promoting opportunities that build security and resilience into critical infrastructure as it is being developed and updated, rather than focusing solely on mitigating vulnerabilities present within existing critical infrastructure.

 

Partial content retrieved on 07 November 2018 from https://www.securitymagazine.com/articles/88847-the-unstoppable-convergence-between-physical-and-cybersecurity; originally written by Diane Ritchey and published by Security Magazine on 01 April 2018
