Biden administration moves to invest in industrial security

by Cynthia Gonzalez, Senior Product Marketing Manager, Exabeam

Since standing up its first industrial control systems (ICS) security capability in 2004, the federal government has made significant strides toward informed, proactive security investments that protect the nation’s most valuable infrastructure. Through the work of the Cybersecurity and Infrastructure Security Agency (CISA), the country’s ability to anticipate, prioritize and manage national-level ICS risk has improved greatly, but there is still much more to do.

The ICS risk landscape has changed considerably as plants adopt IoT devices, Wi-Fi 6, 5G and similar technologies that connect once-isolated control networks to corporate IT and the internet. This convergence of IT and operational technology (OT) opens new doors for threat actors, and the resulting incidents have physical consequences, not just digital ones: lost production, unsafe process conditions and, in the worst cases, harm to people.

When the Consequences are More Than Disruptive

Consider the attacks on American critical infrastructure in just the past nine months: the Colonial Pipeline ransomware attack that led to fuel shortages along the East Coast; the supply-chain attack on SolarWinds, whose trojanized Orion update was downloaded by roughly 18,000 customers, including government agencies, giving the attackers a back door they then used selectively; and the compromise of a water treatment facility in Oldsmar, Florida, where an intruder raised the sodium hydroxide setpoint to a level that could have poisoned thousands of residents had an operator not noticed and reversed it. Threats overseas deserve the same attention. In Israel, attackers gained access to water facilities in an attempt to alter chlorine levels, an intrusion similar to Oldsmar that could have sickened thousands. These incidents are a reminder that cyberattacks on infrastructure are not merely an inconvenience; they can be fatal.

A Push for Stronger ICS Cybersecurity

Following this series of attacks, the Biden administration made its latest push to move critical infrastructure owners and operators toward stronger cybersecurity by signing a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems (widely reported as an executive order). Among other things, it establishes an Industrial Control Systems Cybersecurity Initiative, which it defines as a “voluntary, collaborative effort between the federal government and the critical infrastructure community to significantly improve the cybersecurity of these critical systems.”

The administration says it will encourage and facilitate the deployment of technologies and systems that provide threat visibility, indications, detection and warnings, and that facilitate response capabilities for cybersecurity in essential control system and operational technology networks. In practice that means expanding the deployment of technologies that can monitor OT networks for threats and support a response across critical infrastructure sectors.

Defending Without Disrupting

Most ICS were built for reliability rather than security. They were designed as stand-alone systems expected to run continuously, which leaves little room for operational disruption: a generating plant cannot be taken offline for hours so that a controller can be patched, and many of the protocols on the plant floor carry no authentication at all. Securing ICS is therefore a more complex effort than securing IT, because of the way the infrastructure was designed and because any security control that touches the process itself carries a safety risk.

That’s why it’s important that our industry pushes forward on tools that efficiently detect, investigate and respond to threats without disrupting existing operations. One approach is extended detection and response (XDR).

XDR’s Role in Supporting Biden’s Initiative

XDR is a threat detection, investigation and response platform, usually cloud-delivered, that combines behavioral analytics with automation to deliver an outcomes-based approach to security operations. Rather than instrumenting the control network itself, XDR ingests telemetry from third-party network monitoring tools or IoT/OT security platforms such as Armis or Nozomi Networks, which typically observe OT traffic passively through a SPAN port or network tap, and correlates it with the signals from the security tools an organization already has. XDR applies user and entity behavior analytics (UEBA) to learn what normal looks like for each user and asset and to flag deviations, so that when a PLC, historian or engineering workstation starts behaving anomalously, analysts see it quickly and can trigger an automated response. XDR also provides visibility across many important data sources, including endpoint, network, cloud, email and identity, to find threats missed by individual point solutions. One caveat for OT: automated response should be constrained to actions that cannot interrupt the process, such as alerting, opening a case or isolating the offending IT-side host, rather than blocking traffic to or from a controller.
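To make the UEBA idea concrete, here is an added example (it is not Exabeam’s product logic and not code from the original post) that learns a per-asset baseline from passively collected Modbus telemetry and scores a new time window against it. The asset addresses, function labels and packet counts are constructed for the illustration; the record layout (window, source, destination, function, packet count) is an assumption about what a passive OT monitor might export.

```python
"""Per-asset behavioral baselining over constructed OT telemetry.

Added illustration of the UEBA idea: learn what each (source, destination,
operation) flow normally does per time window, then flag new talkers, new
operations and volume spikes.  Not Exabeam code; data and layout are assumed.
"""
from collections import defaultdict
from dataclasses import dataclass
import statistics


@dataclass(frozen=True)
class Flow:
    src: str    # talking host
    dst: str    # OT asset (e.g. a PLC)
    func: str   # operation label as a passive monitor might name it


# Constructed baseline telemetry: one record per 5-minute window.
# A historian (10.1.1.10) polls PLC-1 (10.1.2.5) steadily; an engineering
# workstation (10.1.1.20) writes a single register once during the period.
BASELINE_WINDOWS = [
    ("w1", "10.1.1.10", "10.1.2.5", "read_holding_registers", 120),
    ("w2", "10.1.1.10", "10.1.2.5", "read_holding_registers", 118),
    ("w2", "10.1.1.20", "10.1.2.5", "write_single_register", 1),
    ("w3", "10.1.1.10", "10.1.2.5", "read_holding_registers", 125),
    ("w4", "10.1.1.10", "10.1.2.5", "read_holding_registers", 122),
]

# Constructed window to score: normal polling, a burst of writes from the
# workstation, an operation never seen before, and a host never seen before.
NEW_WINDOW = [
    ("w5", "10.1.1.10", "10.1.2.5", "read_holding_registers", 121),
    ("w5", "10.1.1.20", "10.1.2.5", "write_single_register", 9),
    ("w5", "10.1.1.20", "10.1.2.5", "write_multiple_registers", 40),
    ("w5", "10.1.9.77", "10.1.2.5", "write_single_register", 12),
]


def build_baseline(records):
    """Return {Flow: (mean, population stdev)} of packets per window."""
    per_flow = defaultdict(list)
    windows = set()
    for window, src, dst, func, packets in records:
        windows.add(window)
        per_flow[Flow(src, dst, func)].append(packets)
    nwin = len(windows)
    baseline = {}
    for flow, counts in per_flow.items():
        # A flow absent from a window contributed zero packets in that window;
        # without this padding a rare write would look like a steady stream.
        counts = counts + [0] * (nwin - len(counts))
        baseline[flow] = (statistics.mean(counts), statistics.pstdev(counts))
    return baseline


def score_window(baseline, records, k=3.0, min_sd=1.0):
    """Return findings as (window, Flow, packets, kind, detail) tuples.

    kind is one of: new_talker, new_function, volume_spike.
    min_sd floors the stdev so a flow seen once with near-zero variance does
    not alert on every second packet.
    """
    known_pairs = {(f.src, f.dst) for f in baseline}
    findings = []
    for window, src, dst, func, packets in records:
        flow = Flow(src, dst, func)
        if flow not in baseline:
            if (src, dst) not in known_pairs:
                findings.append((window, flow, packets, "new_talker",
                                 "source never seen talking to this asset"))
            else:
                findings.append((window, flow, packets, "new_function",
                                 "operation never seen on this pair"))
            continue
        mean, sd = baseline[flow]
        threshold = mean + k * max(sd, min_sd)
        if packets > threshold:
            findings.append((window, flow, packets, "volume_spike",
                             f"{packets} packets vs baseline {mean:.2f} +/- {sd:.2f}"))
    return findings


if __name__ == "__main__":
    for window, flow, packets, kind, detail in score_window(build_baseline(BASELINE_WINDOWS), NEW_WINDOW):
        print(f"{window} {kind:14} {flow.src} -> {flow.dst} {flow.func}: {detail}")
```

The findings are what an analyst or a SOAR playbook would act on; in an OT setting the playbook should isolate or quarantine the IT-side source host and open a case, not drop packets in front of the controller. Real deployments also need a longer learning period, per-shift or per-maintenance-window baselines, and an explicit way to re-baseline after approved engineering changes, or every legitimate change looks like an attack.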

The capabilities of XDR will help support the Biden Administration’s ICS Initiative goal of providing threat visibility, indications, detection and warnings, and facilitate response capabilities for cybersecurity in essential control system and operational technology networks.

Today’s adversaries are agile, persistent and creative, and defenders have to stay ahead of them. We welcome President Biden’s new initiatives to better secure our country’s critical infrastructure and the commitment to joint investment and collaboration among government, the private sector and academia to build on our ICS security capabilities. No tool is a crystal ball, but we believe a key component of a strong defense remains the behavioral detection capabilities of tools like XDR and UEBA.


About the Author
Cynthia Gonzalez is a Product Marketing Manager at Exabeam. An advocate for customers, she’s focused on their use of technology to enable and simplify work. She is at her best when bridging the gap between sophisticated software products and the benefits customers can expect.