Shoring Up Water Security: Industry Leaders Testify Before Congress
The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection recently brought together industry leaders and stakeholders to discuss the urgent need for protective measures, baseline cybersecurity standards and collaboration initiatives to fortify the nation’s critical water systems. Here’s what you need to know.
Recent trends highlight a disturbing reality: cyberattacks targeting U.S. water infrastructure are escalating at an alarming rate. As our reliance on digital systems grows, so does the susceptibility of the foundational infrastructure that sustains our daily lives. On February 6, Marty Edwards, Deputy Chief Technology Officer for Operational Technology (OT) and Internet of Things (IoT) for Tenable, appeared as a witness before the House Homeland Security Committee’s Subcommittee on Cybersecurity and Infrastructure Protection. The hearing, titled “Securing Operational Technology: A Deep Dive into the Water Sector,” brought together key industry stakeholders to address the increased cyber threats targeting the water sector and to deliberate on the steps Congress should undertake to fortify the nation’s water and wastewater systems.
Edwards shared valuable insights during the hearing, emphasizing the operational challenges and potential solutions from an OT perspective. His testimony underscored the critical need for a proactive approach, baseline cybersecurity standards, and the importance of addressing IT and OT challenges simultaneously.
He also shed light on the importance of initiatives like the U.S. Cybersecurity Infrastructure Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC) in fostering collaboration and information sharing. “From Tenable's perspective, there's no doubt that the JCDC provides significant value, particularly when CISA focuses on the operational aspects of information sharing related to current or emerging threats,” highlighted Edwards.
Edwards emphasized the persistent struggle with decades-old OT across critical infrastructure. He recommended incorporating cybersecurity requirements in all federal infrastructure grant projects. “We need to make sure that we’re defining the cybersecurity objectives in the project and then measuring them with metrics and key performance indicators,” Edwards stated.
The critical need to fortify OT security, especially within the water sector, was the top priority in the room. As we navigate an ever-evolving threat landscape, Edwards and fellow witnesses have laid the groundwork for a collaborative, proactive approach—a collective call to action to safeguard our critical infrastructure against emerging threats.
For more information about the hearing, you can visit its main page, which has links to the participants’ prepared remarks, including Edwards’ statement.
To learn how Tenable helps secure water and other critical infrastructure, download our solution brief or request a demo of Tenable OT Security.
Related Articles
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
Cybersecurity Snapshot: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains
September 20, 2024Report finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead a project to standardize civilian agencies’ cyber operations. And get the latest on XSS vulnerabilities, CIS Benchmarks and a China-backed botnet’s takedown!
Cybersecurity Snapshot: Russia-backed Hackers Aim at Critical Infrastructure Orgs, as Crypto Fraud Balloons
September 13, 2024Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting regulations in the U.S. And get the latest on AI-model risk management and on cybersecurity understaffing!
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
September 26, 2024Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26.
Establishing a Cloud Security Program: Best Practices and Lessons Learned
September 26, 2024As we’ve developed Tenable’s cloud security program, we in the Infosec team have asked many questions and faced interesting challenges. Along the way, we’ve learned valuable lessons and incorporated key best practices. In this blog, we’ll discuss how we’ve approached implementing our cloud security program using Tenable Cloud Security, and share recommendations that you may find helpful.
- IT/OT
- Federal
- Government
- OT Security
- Public Policy