Advisory Board Sends Critical Infrastructure Cyber Recommendations to the White House

Yuichiro Chino/Getty

Featured eBooks
The IT Modernization Mission
Read Now

Ransomware Threat

Read Now

What's Next For Government Cloud

Read Now

Federal Agencies Exploring Computing at the Edge

Read Now
Alexandra Kelley By Alexandra Kelley,
Staff Correspondent

By Alexandra Kelley

|

The National Security Telecommunications Advisory Committee voted unanimously to send its most recent report on IT systems security to President Biden.

Members on the National Security Telecommunications Advisory Committee voted on Tuesday to send a new information technology impact report to President Joe Biden and reiterated its mission commitments to security compliance and fortified critical infrastructure.

The report, which focuses on the security risks involved in the convergence of operational technology and information technology across digital systems, was ultimately approved unanimously to head to the executive branch.

“As information and communications technologies become ever more critical to our daily lives, how we set security requirements, through compliance with those requirements, and communicate that proof to users and regulators, is of great concern,” NSTAC Vice Chair Scott Charney said during a press call on Tuesday.

ITOT systems are becoming more commonplace as connection to the internet expands. Formerly independent operations, such as water treatment processes and electrical grid operations, are now able to connect with IT devices like routers and servers. This increased connectivity facilitates daily business for some industries, but creates more room for disruptive cyberattacks throughout an organization.

Jack Huffard, NSTAC member and chair of the Information Technology and Operational Technology subcommittee within the advisory group, spearheaded the study that focused on ITOT convergence networks and their potential system vulnerabilities, as well as mitigation advice. 

Huffard said the report looked to stakeholders in the private and public sectors, including cybersecurity and cloud vendors, as well as federal policymakers to gauge the threat landscape within ITOT interoperable systems.

Ultimately, the report found that many organizations in critical industries lack sufficient visibility into their OT environments as well as in their supply chain networks. 

“The convergence of IT and OT systems is not a new issue,” Huffard said. “It has been happening for decades. The convergence of IT and OT has created clear and present cyber exposure challenges [that] require attention. We have the technology and knowledge to secure these systems. But we have not prioritized the resources required to implement appropriate solutions.”

The group included in the report 15 recommendations to help fortify ITOT digital networks. Three of these recommendations, however, were singled out by Huffard as being critically important. One recommends having the Cybersecurity and Infrastructure Security Agency issue a directive requiring executive civilian branch agencies to take inventory and interconnectivity of their internet of things, or IOT, devices to improve IT and cybersecurity needs. 

The final two recommendations mandate CISA to update guidance in procurement language to require risk-informed cybersecurity capabilities for products contracted to support ITOT converged environments, and ask that CISA further work with the National Security Council and the Office of the National Cybersecurity Director to develop information and data sharing mechanisms that facilitate the protection of the country’s critical infrastructure from ransomware hackers. 

“These three recommendations, coupled with the other important recommendations in the report, can greatly improve our nation's critical infrastructure cybersecurity posture,” Huffard said. 

Improving U.S. networks’ cybersecurity is a pillar in the Biden administration’s broader plan to improve infrastructure. His executive order on the matter spurred federal agencies into investigating gaps in digital security in order to improve the nation’s digital security.

The NSTAC, which was formed in 1982, has most recently issued other overview reports on 5G broadband network security and focuses on advocating on federal technological investment through a information and communications technology lens.  

Prior to the most recent report on ITOT security, the NSTAC published other cybersecurity reviews for zero trust architecture and supply chain software as part of its multi-phase investigations within the overarching “Enhancing Internet Resilience in 2021 and Beyond” initiative at NSTAC.

NEXT STORY: Government IT Networks May Not be Ready for Office Return, Survey Says

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.