Why the Government is getting more involved with regulating Cybersecurity
Yesterday the current presidential administration announced that it is extending the Industrial Control Systems cybersecurity initiative to include the water sector. Today, participation in this initiative (full details are available here) is voluntary for the water sector. That being said, it is likely that these requirements will become mandatory and be enforced in the same way they now are for the pipeline sector.
So what is driving this push for increased regulation? For those of you who are not up to date on why the government is increasing regulation, we have been covering this topic and you can read more about it in our blog posts from last year. To sum it up briefly: this past year saw a high number of costly, high-profile cybersecurity incidents, like the Colonial Pipeline attack. Following these incidents, the government has slowly but surely begun to realize just how vulnerable U.S. infrastructure and the larger business community are to cyber-attacks.
Put simply, the real-world consequences of cyber-attacks are no longer purely monetary; an attack on a pipeline or water utility disrupts physical services people depend on. Stricter cybersecurity regulation is something the IT and cybersecurity communities have advocated for years. So this is welcome news and frankly long overdue! But as the saying goes, better late than never.
How this impacts you and what you can do about it
In the short term, this means that if you have not already, it's time to invest in strengthening your security posture. Although this is not mandatory today, it is likely that it will be in the near future. So you may as well beat the rush now, and reap some benefits along the way.
To solidify your posture we recommend you adopt what is known as zero-trust security. As the name implies, this model grants no implicit trust to a user, device, or application just because it sits on the internal network; every access request is authenticated, authorized, and limited to the least privilege needed, and that trust is re-checked continuously rather than granted once at login. Depending on what protections you currently have in place, this can be quite the undertaking.
No need to worry; that is why we are here, to help you get the most out of your technology. We work with you to make commonsense decisions around security that keep you protected and don't require a security certification to understand. These are the core protections we recommend for all of our clients:
- Multi-Factor Authentication: Requiring a second factor (an authenticator app or hardware security key is stronger than an SMS code) in addition to your password when logging into key systems.
- Security Awareness Training: Simulated phishing and regular training so staff learn to recognize phishing attempts and other social-engineering threats.
- DNS Filtering: Organization-wide internet filtering that blocks traffic to known malicious domains before a connection is made.
- Advanced Endpoint Protection: Behavior-based endpoint software (often called EDR) with 24/7 monitoring and response by a security team.
- Dark Web Monitoring: Continuous monitoring for compromised usernames and passwords being sold or traded on criminal marketplaces, so exposed credentials can be reset before they are abused.