The Federal OT footprint – from military base operations to their public utilities, from postal operations to NASA missions – is immense, which means the potential cyber attack surface is as well. As adversaries develop new tactics for potential OT-related disruption, Federal agencies and the Service Branches have been prioritizing OT now more than ever. (OT, sometimes referred to as cyber-physical systems, is defined as programmable systems or devices that interact with the physical environment or manage devices that interact with the physical environment.)
For Federal civilian and DoD agencies, defending against OT attacks presents unique challenges. A new study examining the state of OT security at Federal civilian and DoD agencies underscores the realities of the threat landscape they face and highlights how these Federal guardians have taken proactive measures to identify vulnerabilities and bolster their security posture.
In the study, Guardians of Government: The State of Federal OT Security, 90 percent of Federal OT administrators reported they have placed greater emphasis on OT security. And for good reason. Sixty-eight percent reported an OT cyber security incident in just the past year, and only 20 percent gave themselves an ‘A’ grade for OT security preparedness. When asked if they could mitigate and respond to an OT threat today, half of the respondents expressed a high degree of confidence.
The study provides a comprehensive assessment of the critical gaps these administrators face and the best practices they’ve adopted to enhance operational security. The obstacles to achieving a desired state of resilience and readiness are manifold. They report OT security gaps they seek to close, including the need for improved asset visibility, secure remote access and monitoring. Many Federal agencies face additional OT security challenges, such as managing broad geographic distribution of their connected endpoints and limited air-gapping. And 65 percent estimated that assets in their organization have reached end-of-life yet are still internet facing, thus adding to their cyber attack surface.
The good news is that these leaders are taking proactive measures within their agencies to address their security needs, despite the complexity. First, they report significantly greater coordination between IT and OT organizations, and some agencies have even aligned these functions in their organizations. Second, more report that they have implemented continuous assessments and have begun standardizing risk models. Third, they’ve focused on upskilling their teams to keep pace with both evolving technologies and persistent threats. These are all steps in the right direction and will ultimately result in greater resilience and higher levels of confidence in their ability to meet the threats of today and in the future.
As our Federal systems – and world – have become increasingly interconnected, and the extended Internet of Things has become a reality, it is vital that we safely protect the cyber and physical components of connected organizations. As these Guardians of Government have reported, the threats are real. However, the organizational processes and technologies exist today and, if implemented well – with up-to-date best practices and expediency – can meet these threats with confidence.
About the Author
Heather Young is regional vice president, US Federal, for Claroty. She is responsible for supporting and enabling clients across Federal, State and Local Government, and the Education sectors.
Heather can be reached at [email protected], @youngheather20 and at https://claroty.com/.