The bipartisan infrastructure law has kickstarted a wide variety of projects nationwide. From rehabilitating bridges to building new roads to increasing public transportation options and more, changes are being seen in communities across the country. However, there is a big portion of infrastructure work that goes unseen – efforts to improve the cybersecurity of critical government sectors that supply key services to citizens.
This spring, the National Security Memorandum defined 16 critical infrastructure sectors and assigned sector risk management agencies to oversee their defense. The Cybersecurity and Infrastructure Security Agency is the operational lead for this effort to protect the cybersecurity of key infrastructure. With this focus, the government is ensuring the cybersecurity of the nation by land, water, and air.
Land
The Department of Energy is investing $45 million into a set of projects designed to shore up the cybersecurity of the electric grid and other energy infrastructure. Investments include improvements in threat detection techniques and authentication systems to make it harder for hackers to access and control power sources. This focus is in response to the 2021 hack of the Colonial Pipeline that forced operations to close for days in response to a Russia-linked ransomware attack impacting fuel supply up and down the East Coast.
The Farm and Food Cybersecurity Act addresses threats to our food supply. The Act would require the agriculture secretary to regularly survey the state of cyber vulnerabilities and threats to the food and agriculture sectors and work with major intelligence community officials to run simulation exercises for industry-disrupting cyberattacks.
Water
Water facilities are an attractive target for hackers looking to disrupt day-to-day life in the U.S. In January of 2024, a group infiltrated a Texas water facility, causing a system malfunction that forced a water tank to overflow and led to contamination fears. Since then, multiple alerts have indicated that water facilities remain susceptible to such threats.
In response, a bill has been introduced to create an entity to work alongside the Environmental Protection Agency to develop enforcement measures, ensuring that water treatment and wastewater systems meet cybersecurity requirements.
Air
The Federal Communications Commission (FCC) is overseeing work to remove Chinese-made components from the nation’s communications networks. The FCC began a “rip and replace” program to reimburse communications providers for the removal and replacement of devices made by two specific Chinese firms. A bill introduced this summer would increase funding for this program, ensuring that smaller, rural telecom providers would get the needed reimbursement to quickly and effectively rebuild their networks.
To stay up to date on how the national infrastructure is building cybersecurity defenses, check out these resources from GovWhitePapers and GovEvents.
- Personal Security Considerations Action Guide: Critical Infrastructure Workers (white paper) – In today’s current threat environment, remaining vigilant and taking responsibility for your personal security is crucial for all critical infrastructure workers—both on and off the job. Being mindful of any risks or threats associated with your line of work and following all safety procedures will help protect you, those close to you, and the infrastructure you serve.
- Addressing File Upload Challenges in Critical Infrastructure (white paper) – This paper is a deep dive into file upload challenges in critical infrastructure. It addresses web applications using file uploads, understanding file upload risks, weaknesses in common security tools, and solutions that solve those pain points.
- Top Cyber Actions for Securing Water Systems (white paper) – This paper highlights the top cyber actions water systems can take today to reduce cyber risk and improve resilience to cyberattacks and provides free services, resources, and tools to support these actions, which can be taken concurrently.
- Federal News Network’s Cyber Leaders Exchange 2024 (October 1-2, 2024; virtual) – The Federal News editorial team will sit down with cyber leaders and experts to dive deep into efforts across government to bring the White House cybersecurity vision to life and strengthen federal cyber capabilities.
- GridSecCon 2024 (October 22-25, 2024; Minneapolis, MN) – Join industry and government peers for three days of collaboration, networking, and expert training sessions on the threat landscape, effective threat mitigation programs, best practices, and more.
- OT Cybersecurity Summit (October 28-29, 2024; Houston, TX) – This event will bring together OT, operations, ICS, and cybersecurity leaders to discuss how to reduce system vulnerabilities and cyber threats across your OT operating environment.
Find more insight and examples of infrastructure cybersecurity by exploring GovWhitePapers and GovEvents.