Putting The New Joint Cyber Defense Collaborative Priorities Into Action
The US Cybersecurity and Infrastructure Security Agency (CISA) recently announced the 2024 cybersecurity priorities for the Joint Cyber Defense Collaborative (JCDC). The six priorities are grouped into three focus areas designed to harmonize cybersecurity goals and efforts across government and industry partnerships for critical infrastructure protection. At first glance, it may seem that these priorities lack correlation to your day-to-day operational activities. Here are practical cybersecurity recommendations to align your operational technology (OT) cybersecurity strategy to the JCDC priorities that will improve your cybersecurity resiliency.
Focus 1: Defend Against Advanced Persistent Threat (APT) Operations
- Priority 1: Discover and defend against malicious abuse by APT actors, particularly those backed by the People’s Republic of China, on and against US-based infrastructure.
- Recommendation: Leverage external threat intelligence service providers focused on critical infrastructure industries and nation-state threat actors. These services deliver indicators of compromise that can be ingested into security technologies such as firewalls and security information and event management (SIEM) platforms, improving both protection against and detection of cyberthreats. They also describe the tactics, techniques, and procedures (TTPs) used by threat actors, which sharpens vulnerability prioritization, threat hunting, and incident response. Having the right intelligence facilitates better decision-making and enables you to improve threat detection and response.
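As an added illustration (not code from the original post or from any intelligence provider), the following script matches a threat-intelligence feed against firewall logs and tags each hit with the feed's actor and TTP context for triage; the feed format, actor name, indicators, and log lines are all constructed assumptions, with the TTP labels drawn from MITRE ATT&CK technique IDs.

```python
"""Added example: match an external threat-intelligence feed against firewall
logs and enrich each hit with the feed's actor/TTP context for prioritization.
All indicators, actor names and log lines below are constructed."""
import ipaddress
import re

# Constructed indicator feed (shape is illustrative, not a real provider's format).
IOC_FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "actor": "EXAMPLE-APT",
     "ttp": "T1190 Exploit Public-Facing Application"},
    {"type": "ipv4", "value": "198.51.100.0/24", "actor": "EXAMPLE-APT",
     "ttp": "T1133 External Remote Services"},
    {"type": "domain", "value": "update-ics-vendor.example", "actor": "EXAMPLE-APT",
     "ttp": "T1071.001 Web Protocols (C2)"},
]

# Constructed syslog-style firewall lines; dport=502 is Modbus/TCP, common in OT.
FIREWALL_LOGS = """\
2024-02-01T10:00:01Z fw1 action=allow src=10.20.30.5 dst=203.0.113.45 dport=443
2024-02-01T10:00:02Z fw1 action=allow src=10.20.30.6 dst=192.0.2.10 dport=443 host=vendor.example
2024-02-01T10:00:03Z fw1 action=deny src=198.51.100.77 dst=10.20.30.10 dport=502
2024-02-01T10:00:04Z fw1 action=allow src=10.20.30.7 dst=10.0.0.53 dport=53 host=update-ics-vendor.example
"""

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return the key=value fields of one log line plus its leading timestamp."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields

def _hit(f, field, ioc):
    return {"ts": f["ts"], "action": f.get("action"), "field": field,
            "value": f[field], "actor": ioc["actor"], "ttp": ioc["ttp"]}

def match_iocs(log_text, feed):
    """Return one enriched hit per (log line, matching indicator) pair."""
    nets = [(ipaddress.ip_network(i["value"], strict=False), i)
            for i in feed if i["type"] == "ipv4"]   # CIDR ranges and single hosts alike
    domains = {i["value"].lower(): i for i in feed if i["type"] == "domain"}
    hits = []
    for line in log_text.splitlines():
        f = parse_line(line)
        for key in ("src", "dst"):          # check both directions of the flow
            addr = ipaddress.ip_address(f[key])
            hits.extend(_hit(f, key, ioc) for net, ioc in nets if addr in net)
        if f.get("host", "").lower() in domains:   # DNS/HTTP host indicator
            hits.append(_hit(f, "host", domains[f["host"].lower()]))
    return hits
```

The denied inbound Modbus attempt from a feed-listed range and the allowed outbound connection to a listed address surface with their TTP labels, which is the context that lets a SIEM rule or an analyst rank them ahead of ordinary noise.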
- Priority 2: Prepare for major cyber incidents.
- Recommendation: It is said that practice makes perfect. Don’t strive for perfection, but practice your incident response procedures enough to become proficient. A major cyber attack against critical infrastructure operations can have catastrophic physical consequences to the environment, human safety, and availability of public services. Responding to a cyber incident in OT environments requires a different approach. An effective response involves seamless coordination between cyber, physical, and operations teams that can only become a reality if you practice incident response regularly. Conduct an annual exercise at a minimum, but a quarterly cadence is ideal.
Focus 2: Raise The Cybersecurity Baseline
- Priority 3: Help state and local election officials secure their networks and infrastructure against cyber threats as part of the CISA’s broader election security efforts.
- Recommendation: Even if you are not directly involved in the election infrastructure and mechanics, your organization still has a role in ensuring a fair and safe election process. Be aware of narrative attacks that use misinformation and disinformation in association with your company to manipulate perceptions. Update your threat intelligence program to monitor open and dark web sources for these types of attacks. Build into your incident response plan processes to quickly determine the accuracy of the information, and communicate the truth to minimize the impact to your brand and restore confidence in the election process.
- Priority 4: Measurably decrease the impact of ransomware on critical infrastructure.
- Recommendation: Ransomware surged in 2023 and shows no signs of slowing down. There is no quick fix to the ransomware threat, so organizations should focus on cybersecurity fundamentals, including investing in technologies designed for OT that address use cases such as asset discovery and identification. In parallel, deploy threat and anomaly detection tools while you build out the rest of your cybersecurity strategy. You should plan for a mix of passive and active scanning OT security solutions to increase coverage while minimizing disruptions.
- Priority 5: Make measurable progress toward a world where technology is secure by design.
- Recommendation: It would be easy to put the spotlight on developers and original equipment manufacturers (OEMs), but buyers bear responsibility, as well. Buyers must put pressure on OEMs by requiring stronger cybersecurity features such as robust access control, instead of waiting for regulations to drive change, and be willing to pay for it. Industrial automation devices have long lives in OT environments, so this change must start today.
Focus 3: Anticipate Emerging Technology And Risks
- Priority 6: Decrease the risk posed by artificial intelligence to critical infrastructure.
- Recommendation: Don’t worry about AI in OT environments right now and focus instead on securing cloud deployments. Cloud solutions may not be considered an emerging technology, but adoption is growing in OT environments and poses a significant risk to critical infrastructure operations. This requires implementing a robust cloud governance regime and mandating security instrumentation and tooling in all cloud workloads. Embed security into cloud deployments from the start to realize the advantages that cloud has to offer while minimizing risks.