Critical infrastructure comprises the physical and cyber systems and assets so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.
FREMONT, CA: Securing critical infrastructure is critical to the health of the global economy and society. Events that might undermine the integrity, confidentiality, or availability of the services delivered by essential providers of infrastructure and their networks can have significant and potentially devastating consequences. As a result, governments are increasingly focused on this problem. They are calling for essential providers of infrastructure and their IT vendors to implement technical and organizational security measures, as well as to prepare for the potential impacts of security incidents that occur.
Given the evolving nature of the threat environment, no single organization can manage the breadth of risks alone. The only sensible path forward is for vendors, regulators, and critical infrastructure providers to create new ways to instill trust. That requires thoroughly qualifying three vital elements of any critical infrastructure environment: trustworthy IT vendors, secure solutions, and responsible operations.
Qualifying secure solutions
Revising procurement regulations to mandate better assessment of vendor solutions is now overdue. Government regulations should state that any technology deployed in critical infrastructure is procured only from trustworthy vendors.
Qualifying trustworthy IT vendors
A vendor's overall practices must be evaluated. This means assessing the robustness, repeatability, and consistency of their secure development practices, along with their transparency about vulnerabilities identified in their products, which is essential for resilience.
Qualifying responsible operations
Shifting to digital capabilities requires critical infrastructure providers to keep pace with the latest threat monitoring and detection technologies. For example, machine-learning algorithms can help detect deviations from normal network and user behavior. That data can then be used to inform control-based policies that mitigate attacks.
The vendor's role is to help the infrastructure provider deploy and operate its technology as effectively and securely as possible. Because operators need tools for onboarding and managing devices, vendors should work with them to ensure that devices can be tested, provisioned, and updated securely.