US 100-Day Critical Infrastructure Protection Plan

The White House said on Tuesday that President Joe Biden's administration is beginning a 100-day plan to guard critical U.S. electric infrastructure against sophisticated cyber threats. Following the news, please see below comments from Edgard Capdevielle, CEO of Nozomi Networks:

John Callahan
InfoSec Expert
April 21, 2021 3:06 pm

As U.S. DOE kicks off its 100-Day Plan to address cybersecurity risks to the U.S. Electric System, we note that energy is one of 16 sectors (https://www.cisa.gov/critical-infrastructure-sectors) but it is a foundational sector due to the dependence of other sectors (information, healthcare, communications) on energy. One of the major problems in all of these sectors is the lack of interoperability between industrial control systems (ICS), operational technologies (OT), and Internet-of-Things (IoT) devices (and networks) in general.
Today, the FIDO Alliance announced a better way to break through all the stovepipes of ICS/OT/IoT platforms that allows for a unified approach for systems of devices, access control to such systems, and onboarding trusted devices into such systems. The FIDO Device Onboarding (FDO) standard provides an automatic onboarding protocol for devices and permits the late binding of device credentials so that one manufacturer's device may be onboarded across different platforms. The FIDO Alliance is a consortium of over 250 companies including Google, Microsoft, Veridium, and Intel, dedicated to interoperability for critical control solutions.

Edgard Capdevielle
InfoSec Expert
April 21, 2021 12:00 pm

Regardless of the specific elements contained in the plan, there are upsides and downsides that should be kept in focus. First, it’s reactionary and meant to address past incidents. It’s not forward-thinking or future-proof and doesn’t address incidents that haven’t been discovered or happened yet. On the upside, the fact we have a plan means the matter is being taken seriously at the highest levels of leadership. Whatever might ultimately prove to be right or wrong with the plan can be adjusted and improved upon as we execute. We should view this sprint, like others, as building blocks rather than silver bullets.
