Last month, the Department of Homeland Security issued a rare public alert about a large-scale Russian cyber campaign targeting U.S. infrastructure. The news raised serious concerns about vulnerabilities in the nation’s power grid and other critical infrastructure assets.
All too often, concerns over cybersecurity threats are limited to stolen data or emailed malware programs. Leading to what Tenable calls a “widening cyber exposure gap,” where risks to the nation’s critical infrastructure and vital production assets are poorly understood.
Tenable is looking to change that. On May 3, Tenable is hosting a one-day conversation on how dynamic and metric-driven approaches to understanding cyber exposure enable digital transformation. The program will feature a panel discussion where industry and Federal leaders will discuss how continuous asset discovery and vulnerability detection can close the cyber exposure gap and support IT and operational technology (OT) security.
Tenable’s Ted Gary shared why securing critical infrastructure assets is such a challenge and what changes need to happen.
“Visibility of overall systems is really limited,” Gary said. He explained that at most critical infrastructure sites, OT and IT teams rarely interact or collaborate. So IT folks have little insight into what cybersecurity protocols are in place for OT equipment. Due to a lack of collaboration, Gary explained, there are significant knowledge gaps on both sides and a silo effect has taken over.
To close the cyber exposure gap, IT teams need to go back to basics. Gary said the first step is a complete and accurate inventory of the network. Once that’s complete, IT teams must do a vulnerability assessment. “These are basic things that are not being done very well,” Gary said.
Fixing the current silo effect requires cross training, Gary explained. Both teams need to understand each other’s jobs, challenges, and limitations. Frequently, the IT staff wants to rush in with the latest and greatest cybersecurity technology. Unfortunately, most of the OT equipment currently deployed can’t handle super active automated technology, Gary explained. And testing new solutions on OT is a lot more challenging.
“This isn’t an IT system where you can just reboot a computer,” Gary said. “A failure can be really significant; you’re knocking out a power grid.”
In terms of practical advice, Gary shared how one OT leader started hosting brown bag lunches with OT and IT staffers. They used that time to explain the OT world and get the conversation going to understand their shared goals and constraints. Starting the conversation is the first step to reducing knowledge gaps and lessening the silo effect, Gary explained.
In 2015, a power-grid cyberattack, likely from Russia, caused a blackout for more than 200,000 people in Ukraine. The threat to U.S. critical infrastructure isn’t hypothetical. While closing the cyber exposure gap won’t happen overnight, Tenable is certainly moving the conversation in the right direction. To learn more, join Tenable and Federal agency leaders at GovEdge18 on May 3 at the JW Marriott – click here to register.