If critical infrastructure security isn’t already on the mind of U.S. businesses, it will be soon. On May 12, 2021, President Biden issued an executive order on improving the nation’s cybersecurity. As the order stated: “It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.”
This order is the latest in a series of government directives focusing on critical infrastructure security. Each can trace its heritage back to 1996, when President Clinton signed Executive Order 13010, which established a national commission on critical infrastructure.
Presidents come and go. Regulations change. But the trend over the past two decades, in America and beyond,has been towards requiring more protection, not less. And the government is extending regulations into industries that previously weren’t included. In fact, the U.S. Cybersecurity and Infrastructure Security Agency now classifies 16 critical infrastructure sectors.
Whether you’ve been working on beefing up your cybersecurity for a while or have recently been given directives, you may be wondering why these regulations continue to become more stringent—and what’s the easiest, most cost-effective way for your organization to achieve compliance.
Some organizations may have been surprised to learn that President Biden is expecting them to strengthen their cybersecurity. Defense organizations have always taken the greatest precautions to prevent cyberattacks. But why does cybersecurity matter in, say, agriculture? Because we’re in an age of fifth-generation warfare, in which countries will seek to win wars without firing a shot. Fifth-generation warfare techniques aim to disrupt daily life, cut off access to critical assets, and even topple economies as means of exerting influence.
Once you understand this, it’s not hard to see why critical infrastructure security is about protecting more than just preventing hostile parties from hacking into the U.S. Defense network.
The energy sector is an obvious area of vulnerability. An enemy could hack into the network of a major utility and cut off electricity to a major U.S. city. The longer power stays down the greater the chances of civil unrest, which would compound the original threat.
Consider also our nation’s water supply facilities. Major dams already have high levels of security. But what about smaller facilities in residential neighborhoods? These centers often have 100,000-gallon water tanks—and a supply of chlorine gas for treating the water. A hostile party could hack the network, gain physical access to the plant, and puncture a tank to spread chlorine gas over a town.
What about the food and agriculture sector? The mind goes immediately to the idea of a hostile party contaminating the food supply. But here’s another angle: a foreign enemy hacks into a food supplier’s systems and finds out that the supplier has increased its delivery of groceries to a certain Army base by 20 percent in the last year. The enemy can now reasonably assume that this base has 20 percent more troops than before—classified information that could give the enemy a strategic advantage.
As previously mentioned, the defense sector has always devoted significant resources to cybersecurity. However, other sectors of our economy have been caught off guard by the executive order and the requirements it puts in place. Your organization may be in one of these sectors. How can you implement security tools to adhere to stringent critical infrastructure security tools in place without bursting your budget?
Whereas 20 years ago only the best-funded organizations could afford strong cybersecurity, we’re now seeing a democratization of advanced cybersecurity tools. For example, you can protect your assets and meet government regulations with Cocoon Data’s file sharing solution. It’s easy to use and designed to be affordable for businesses, defense organizations, and government entities of all sizes.
Find out how Cocoon Data can help your organization achieve the requirements defined in CMMC.
Book a call