Energy, water identified as key cyber priorities in US defence plans
Within their plans to combat cyber threats in the coming year, the US Cybersecurity and Infrastructure Security Agency’s (CISA’s) Joint Cyber Defense Collaborative (JCDC) has announced energy and water as critical areas of attention for resilience efforts.
The JCDC, which leads US cyber defence plans by working across the public and private sectors, has announced its 2023 planning agenda, with the energy and water industries as key priorities for cyber considerations.
The announcement came courtesy of a release from Eric Goldstein, CISA executive assistant director for cybersecurity.
Goldstein commented on how, although all organisations are at risk of cyber intrusions, there are elements and areas that can be abused by malicious actors to achieve widespread impacts.
Energy and water, he added, are two such areas of systemic risk that require attention to prevent cyber attacks and their ramifications.
Thus, the respective sectors will form key areas of the Collaborative’s planning agenda for cyber priorities in the coming year.
Have you read:
US cyber programme seeks innovations for clean energy cybersecurity
Geopolitics shake up cyber considerations
Cyber planning agenda
Said Goldstein: “CISA and our partners are proud to announce JCDC’s 2023 Planning Agenda. This Agenda is the first of its kind — a forward-looking effort that will bring together government and the private sector to develop and execute cyber defense plans that achieve specific risk reduction goals and enable more focused collaboration.
“Through a rigorous process that included input from subject matter experts and our government and private sector partners, we have developed a Planning Agenda focused on three topic areas: systemic risk, collective cyber response, and high-risk communities.”
In prioritising the agenda, the following four efforts were identified as systemic risks in need of partners and collaborations:
- Deepening operational collaboration and integration with the energy sector, in partnership with the Department of Energy (DoE)
- Identifying approaches to enhance security and resilience of edge devices for the water sector
- Understanding and mitigating risks potentially posed by Open Source Software (OSS) used in industrial control systems
- Advancing cybersecurity and reducing supply chain risk for small and medium critical infrastructure entities through collaboration with remote monitoring and management, managed service providers and managed security service providers
Goldstein referenced the war in Ukraine as illustrative of the potential of cyber attacks to disrupt critical infrastructure.
As reported by The Guardian, cyber attacks in the country tripled over the last year with warning of a persistent threat over the country’s infrastructure.
“In the coming weeks, we will kick off our planning efforts on…scaling cybersecurity to support small and midsize critical infrastructure and state, local, tribal and territorial entities.
“The remaining priorities for cyber defense planning efforts will commence in the following months,” added Goldsteing.