Providing a significant assist to transparency efforts in cybersecurity is the Strengthening American Cybersecurity Act, which was signed into law in March 2022.
Unlike other regulatory efforts focused on updating network security, or mandating agencies like CISA (Cybersecurity and Infrastructure Security Agency, which falls under the Department of Homeland Security) to develop cybersecurity plans, it requires “critical infrastructure entities” to report “substantial cyber incidents” within 72 hours, and any ransomware payment within 24 hours.
Beyond regulatory efforts and compliance, a bigger challenge, and one we’ve begun covering more here on Security Breach, is the significant lack of internal OT cybersecurity expertise within the industrial sector.
In general, this can be attributed to too many manufacturers feeling their IT security personnel can also be used on the OT side. This happens without an appreciation for how different the technology and operating environment are, and how a cut-and-paste approach will leave too many doors open to hackers. Recent findings from Fortinet show that 67 percent of OT security leaders come from an OT engineering background.
Knowing how to implement and connect OT technology does not make one an expert on keeping it secure.
To discuss these and other issues, like IT/OT silos and the impacts of ransomware, we're excited to have Debbie Gordon join us on this episode of Security Breach. She's the founder and CEO of Cloud Range, a leading provider of OT/ICS cyberattack simulations and training.
We’re also excited to announce that Security Breach is being sponsored by Rockwell Automation. For more information on their cybersecurity solutions, you can go to rockwellautomation.com.