President Biden has signed a new cybersecurity Executive Order with the goal of protecting critical US infrastructure from ransomware and general cyberattacks. The executive order, coming in the wake of a series of major attacks targeting infrastructure (eg. Colonial Pipeline), offers voluntary cybersecurity standard measures for utility companies to adhere to, touching on areas including data encryption and two-factor authentication. Notably, this executive order also follows President Biden’s remarks to the Office of the Director of National Intelligence on Tuesday regarding state-sponsored cyberattacks: “If we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyberbreach of great consequence. And it’s increasing exponentially — the capabilities."
Commenting on this, Tim Mackey, Principal Security Strategist at the Synopsys Cybersecurity Research Centre, said "In the Memorandum, President Biden highlights the importance of both detecting threats, but also having the ability to measure threat activity against cybersecurity performance goals. It instructs the Secretary of Homeland Security to issue a preliminary set of goals for providers of critical infrastructure by 22 September, where those goals relate to threat visibility and indications of threat activity required to respond to any attempted compromise.
"While this Memorandum relates to critical infrastructure and its associated control systems and operational networks, the focus of the Memorandum has applicability to other business segments. Specifically, an assumption should be made that attacks are always possible, and that measuring threat activity requires a baseline from which to distinguish normal from abnormal. Organization that have performed threat models on their operations, but who haven’t defined processes to monitor for attempts to subvert compensating controls should take this opportunity to update their threat models."
Read the latest issue of World Pipelines magazine for pipeline news, project stories, industry insight and technical articles.
The July issue of World Pipelines includes a regional report on China’s major oil and gas pipeline projects, as well as technical articles on surface preparation, welding, vacuum lifting, inline inspection and more. Don’t miss our annual Pigging Services Directory, showcasing the latest in pigging products and services, along with pigging project updates.
Read the article online at: https://www.worldpipelines.com/business-news/03082021/synopsys-comments-on-new-us-cybersecurity-executive-order/