US 100-Day Critical Infrastructure Protection Plan

The White House said on Tuesday that President Joe Biden‘s administration is beginning a 100-day plan to guard critical U.S. electric infrastructure against sophisticated cyber threats. Following the news, please see below comments from Edgard Capdevielle, CEO of Nozomi Networks:

Experts Comments

April 21, 2021
John Callahan
CTO
Veridium

As U.S. DOE kicks off its 100-Day Plan to address cybersecurity risks to the U.S. Electric System, we note that energy is one of 16 sectors (https://www.cisa.gov/critical-infrastructure-sectors) but it is a foundational sector due to the dependence of other sectors (information, healthcare, communications) on energy. One of the major problems in all of these sectors is the lack of interoperability between industrial control systems (ICS), operational technologies (OT), and Internet-of-Things

.....Read More

As U.S. DOE kicks off its 100-Day Plan to address cybersecurity risks to the U.S. Electric System, we note that energy is one of 16 sectors (https://www.cisa.gov/critical-infrastructure-sectors) but it is a foundational sector due to the dependence of other sectors (information, healthcare, communications) on energy. One of the major problems in all of these sectors is the lack of interoperability between industrial control systems (ICS), operational technologies (OT), and Internet-of-Things (IoT) devices (and networks) in general. Today, the FIDO Alliance announced a better way to break through all the stovepipes of ICS/OT/IoT platforms that allows for a unified approach for systems of devices, access control to such systems, and onboarding trusted devices into such systems. The FIDO Device Onboarding (FDO) standard provides an automatic onboarding protocol for devices and permits the late binding of device credentials so that one manufacturer's device may be onboarded across different platforms. The FIDO Alliance is a consortium of over 250 companies including Google, Microsoft, Veridium, and Intel, dedicated to interoperability for critical control solutions.

  Read Less
April 21, 2021
Edgard Capdevielle
CEO
Nozomi Networks

Regardless of the specific elements contained in the plan, there are upsides and downsides that should be kept in focus. First, it’s reactionary and meant to address past incidents. It’s not forward-thinking or future-proof and doesn’t address incidents that haven’t been discovered or happened yet. On the upside, the fact we have a plan means the matter is being taken seriously at the highest levels of leadership. Whatever might ultimately prove to be right or wrong with the plan, can

.....Read More

Regardless of the specific elements contained in the plan, there are upsides and downsides that should be kept in focus. First, it’s reactionary and meant to address past incidents. It’s not forward-thinking or future-proof and doesn’t address incidents that haven’t been discovered or happened yet. On the upside, the fact we have a plan means the matter is being taken seriously at the highest levels of leadership. Whatever might ultimately prove to be right or wrong with the plan, can be adjusted and improved upon as we execute. We should view this sprint, like others, as building blocks rather than silver bullets.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.