The US National Institute of Standards and Technology (NIST) just released an updated draft of its Cybersecurity Framework (CSF), which expands on the original’s mission to provide critical infrastructure operators with much-needed cybersecurity guidance. While still emphasizing critical infrastructure, the latest edition is more encompassing of all sectors and organizations and offers a greater focus on including executives and C-suite in cybersecurity planning. Although it is always an important time to revisit and enhance cybersecurity practices, this update comes at a particularly interesting point in which nation-led and OT threats are escalating. In this month’s insights, we take a look at how best to handle these challenging trends.
RECENT CYBERSECURITY THREATS
Leading up to the CSF release, the Biden administration announced a collection of actions – including an executive order – assembled to better protect the cybersecurity of U.S. ports. Not only is this move essential because of the money that flows into the country’s economy from ports, but because there is growing concern over access to the systems that they rely on to function.
According to CNBC, data shows that “80 percent of the cranes moving trade at U.S. ports are made in China and use Chinese software, leading to concern that the cranes could be used in Chinese surveillance.” This adds onto the case already building around Chinese cybersecurity action. A recent intelligence advisory revealed that hackers backed by China have been accessing U.S. critical infrastructure for years. For instance, a group known as Volt Typhoon has been taking advantage of vulnerabilities in routers, firewalls and VPNs to infiltrate operators spanning fields such as water, transportation, and energy. (If you’re interested in learning a bit more on this, read our latest Industry Brief.)
Read the article in full here.
Sign up today for a free Essential Membership to Automation Alley to keep your finger on the pulse of digital transformation in Michigan and beyond.
