The top White House cybersecurity official is working with the Securities and Exchange Commission, as well as the Environmental Protection Agency, the energy sector and industrial control system specialists on a plan to protect critical infrastructure.
The operational technology, or OT, behind the systems that treat drinking water and run electric grids, subway systems and other essential services is a major source of concern as growing internet connectivity has increased their vulnerability to malicious hackers. Last month, an unidentified actor’s attempt to manipulate the chemical content in a Florida water treatment plant to dangerous levels provided a prominent example of how poor visibility into systems can cause not just digital, but physical harms, of tremendous scale.
“Because of the difference in mission impact, risks, threats and culture, a deliberate and specific OT cybersecurity approach is required to secure our industrial infrastructure,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said.
Neuberger spoke Friday during a virtual summit on industrial control system security hosted by the SANS Institute, which she thanked for already contributing to the plan and promoting security in the sector.
“If you can't see a network, you can't defend a network, and if you can't see a network quickly, you certainly don't have a prayer of defending the network. And that applies, as we said, to both IT and OT,” Neuberger said.
The initial scope of the plan will focus on operational technology that affects the largest numbers of Americans or have an impact on national defense, gas, electricity, pipeline, water and chemical systems, Neuberger said, noting collaboration with the Environmental Protection Agency, and Tom Fanning, CEO of Southern Company and a leading representative of the priv ..