Tightening Federal OT Cyber Incident Reporting For Critical Infrastructure

Process-Oriented OT Cybersecurity with SIGA

Federal agencies and regulated operators of critical infrastructure are entering a new phase in operational technology (OT) cybersecurity. While many sectors have long followed voluntary guidance such as the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Revision 3, recent years have seen a steady tightening of Federal cyber incident reporting requirements for critical infrastructure. This trend continues in 2025 with additional sector-specific rules taking effect and the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) moving toward its final rule.

From Guidance to Requirements

Federal oversight of OT cybersecurity has moved beyond broad guidelines into a phase where specific reporting obligations are being set by sector. The shift reflects a growing emphasis on timely and consistent incident data that can be used for coordinated national response.

In 2025, several key developments are shaping the landscape:

  • Pipelines: The Transportation Security Administration (TSA) Security Directive Pipeline-2021-02F, effective May 3, 2025, continues to require mitigation measures, testing and contingency planning for pipeline operators. These measures have been in place since the Colonial Pipeline incident and are now firmly embedded in regulatory practice.
  • Water and Wastewater: The EPA Water Sector Cybersecurity Program has updated its technical assistance and incident-response guidance. While participation is voluntary, the program mirrors many of the practices found in regulated sectors, indicating where expectations are headed.
  • CIRCIA: The Act is expected to be finalized in late 2025. Once in effect, it will require reporting significant incidents within 72 hours and ransomware payments within 24 hours, creating a cross-sector Federal baseline for incident reporting.

For Public Sector operators in energy, transportation, water and other essential services, these actions confirm that Federal expectations are moving toward consistent, evidence-based incident reporting across critical infrastructure.

The Reporting Challenge in OT Environments

Meeting Federal reporting requirements depends not only on having the right policies in place but also on the ability to detect and verify incidents quickly. In OT environments, many cyber events start as small changes in process behavior that do not appear in traditional network monitoring. When these early signs go unnoticed, agencies may be unable to confirm the incident, assess its impact or provide the detailed operational evidence that regulators require.

In the Purdue Enterprise Reference Architecture (commonly referred to as the Purdue Model), Level Zero refers to the lowest layer of an industrial control system. This is where raw input and output (I/O) signals from field devices report the actual status of equipment such as pumps, valves, circuit breakers and turbines. These electrical signals are the first and most reliable indicators of what is happening in a physical process, and they exist independently of the network data that higher levels use.

Without visibility into Level Zero, operators face several obstacles:

  • Difficulty confirming whether a cyber event has actually affected operations
  • Limited ability to quantify operational and safety impacts with precision
  • Gaps in the time-stamped evidence needed to meet short Federal reporting windows

The challenge is heightened in environments that mix aging legacy systems with modernized control platforms. These environments often lack unified monitoring, making it harder to capture the unaltered operational data regulators now expect.

Why Process-Oriented OT Cybersecurity Matters

In the Purdue Model, Level Zero is the process interface where the control system reads and drives raw I/O signals. Those unprocessed signals provide the closest, most reliable view of real operating conditions, so early signs of a cyber-physical impact frequently show up there first.

Process-oriented OT cybersecurity focuses on monitoring these raw signals in real time. By capturing them out of band from the operational network, agencies gain a trusted source of truth that cannot be spoofed or altered by a network-based attack. This data enables:

  • Clear timelines of operational changes before, during and after an incident
  • Early detection of anomalies that may indicate tampering or failure
  • Reliable forensic evidence for post-incident reporting and compliance audits

This approach bridges the gap between traditional IT security tools and the operational realities of critical infrastructure, ensuring that reporting requirements can be met with both speed and accuracy.

SIGA’s Role in Compliance Readiness

SIGA delivers process-oriented OT cybersecurity for critical infrastructure. SigaGuard connects directly to control-system I/O modules and continuously monitors raw electrical signals at Level 0, entirely out of band from the operational network. This preserves system performance and provides a tamper-proof view of operational data.

SigaGuardX: Early Threat Detection
SigaGuardX supports evidence-based determination of when a cyber event is underway. It classifies whether activity reflects normal operations or an OT cyber breach by applying multiple artificial intelligence (AI) models and cross-referencing the MITRE database of known attacks. It also performs real-time comparisons between Level 0 signal behavior and data from Levels 1 through 4 to surface possible false-data injection attacks, including Stuxnet-like patterns.
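The cross-level comparison described above can be illustrated with a short added example. It is not SIGA's code or detection logic: the tag name, tolerance, debounce count and sample values are constructed assumptions. It flags sustained disagreement between an out-of-band Level 0 reading and the value the upper levels report, and emits a time-stamped record of each episode.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Episode:
    start: datetime        # first sample where the two views disagree
    end: datetime          # last sample where they still disagree
    samples: int           # number of consecutive disagreeing samples
    max_deviation: float   # largest |raw - reported| seen in the episode


def _close(run):
    """Turn a run of (timestamp, deviation) pairs into an Episode."""
    return Episode(run[0][0], run[-1][0], len(run), max(d for _, d in run))


def find_divergence(samples, tolerance, min_samples=3):
    """Return episodes where the Level 0 value and the reported value differ
    by more than `tolerance` for at least `min_samples` consecutive samples.

    `samples` is an iterable of (timestamp, level0_value, reported_value).
    The debounce (`min_samples`) keeps single-sample sensor glitches out of
    the evidence trail.
    """
    episodes, run = [], []
    for ts, raw, reported in samples:
        deviation = abs(raw - reported)
        if deviation > tolerance:
            run.append((ts, deviation))
            continue
        if len(run) >= min_samples:
            episodes.append(_close(run))
        run = []
    if len(run) >= min_samples:      # episode still open at end of data
        episodes.append(_close(run))
    return episodes


def evidence_record(tag, ep):
    """Time-stamped record suitable for an incident timeline."""
    return {
        "tag": tag,
        "first_seen": ep.start.isoformat(),
        "last_seen": ep.end.isoformat(),
        "samples": ep.samples,
        "max_deviation": ep.max_deviation,
    }


# Constructed sample data: the reported value stays flat (as replayed or
# falsified data would) while the raw Level 0 signal climbs. Sample 1 is a
# one-off glitch that the debounce should ignore.
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
RAW = [50.1, 55.0, 50.0, 50.2, 53.0, 56.0, 59.0, 62.0, 65.0, 68.0, 50.0, 50.1]
REPORTED = [50.0] * len(RAW)
SAMPLES = [(T0 + timedelta(seconds=i), r, p)
           for i, (r, p) in enumerate(zip(RAW, REPORTED))]

if __name__ == "__main__":
    for ep in find_divergence(SAMPLES, tolerance=2.0):
        print(evidence_record("PUMP1_DISCHARGE_PSI", ep))  # hypothetical tag
```
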

Siga-PAS: Process Attack Simulation
Software-based simulated anomalies replicate real-world attack scenarios. Siga-PAS enables agencies to prepare for and respond to OT-specific threats without disrupting ongoing operations, while validating detection logic, incident playbooks and reporting workflows.

Compliance Outcomes

  • High-fidelity operational evidence that aligns with CIRCIA and sector-specific reporting requirements
  • Regulator-ready forensic records of sequence, scope and impact
  • Faster reporting through actionable alerts with operational context
  • Rapid verification of whether a cyber event affected critical processes

By integrating SIGA’s Level 0 monitoring into existing security operations, agencies can meet tightening Federal reporting requirements and improve their ability to detect, contain and recover from OT cyber incidents. This strengthens both regulatory compliance and the continuity of essential public services.

Visit Carahsoft’s SIGA solutions page to learn more about how SIGA’s cyber-physical security solutions can strengthen your agency’s infrastructure.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SIGA, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Top Upcoming 5G Events for Government to Attend

Securing Public Sector networks with 5G wireless technology delivers high-speed wireless connectivity, faster data rates and lower latency for systems and communities across the nation. This next-generation mobile network enables the expansion of virtual reality (VR) and the Internet of Things (IoT) solutions. While many successful use cases have recently emerged showcasing the power of 5G in Government, Carahsoft partners are supporting agencies by providing powerful cellular networks and maintaining reliable mobile connections to achieve mission success without compromising security within workflows.

Explore more ways to leverage Carahsoft and our partners through our various upcoming Government events. Learn about acceleration of real-time delivery from devices, increased adoption of AI and multiaccess edge computing technologies (MEC) and other innovations from leading 5G technology service providers. 

5G Summit 

August 22 | Reston, VA 

5G networks have become more common over the past few years. One study found that 5G’s worldwide share of mobile data traffic in 2021 was about 10% – but expected to grow to 60% by 2027. Government agencies are more selective when it comes to adopting 5G for their networks, partially due to higher costs associated with deploying such networks as well as unique requirements very large organizations such as the Department of Defense pose. Join thought leaders from Government and industry as they outline developments in 5G network rollouts at agencies and the ways 5G can be harnessed to open new opportunities to meet agencies’ various missions. 

Sessions to look out for: 

  • 5G is at the Heart of CJADC2 
  • 5G’s Role in Modernization 
  • The Future of 5G Technology in Government 

Carahsoft is hosting this year’s 5G Summit alongside FedInsider, Cradlepoint, Nokia, Intel, T-Mobile, and Dell Technologies providing the latest management news from inside the Government. 

T-Mobile Tech Experience: 5G Hub 

August 27 | Bellevue, WA 


Inaugurated in 2016, the Tech Experience has set out to create innovative and engaging experiences to inspire the industry to turn concepts into tangible, transformative solutions. The T-Mobile 5G Hub offers opportunities to meet with engineers, immerse in technology demonstrations and gain other valuable resources. At the event, hear directly from project partners about the successful projects crafted within the 5G Hub, explore video testimonials showcasing T-Mobile’s facilities, technology, expertise and partnerships, and get ready to participate in ample networking sessions. 

Carahsoft partners AWS, Dell Technologies, Nokia, Ericsson, Microsoft, Google Cloud and Qualcomm will be featured at the 2024 T-Mobile Tech Experience. 

ATARC Federal Mobility Summit 

September 19 | Reston, VA 

ATARC, the Advanced Technology Academic Research Center, and Carahsoft invite attendees to a day full of networking, innovation and collaboration within the world of federal mobility. At the Federal Mobility Summit, industry experts and leaders in Government will explore the latest trends and updates in mobile technology such as security, Zero Trust, acquisition, best practices and emerging solutions. Connect with peers and gain valuable insights into the future of mobility in the federal sector.  

Sessions to look out for: 

  • Securing Mobile Technologies: Identity, Zero Trust, and Threats 
  • Navigating Mobile Acquisitions: Strategies and Best Practices 
  • Next-Generation Networks: 5G, 6G, and Their Impact 
  • Mission Enablement: Tools and Technologies for Success 

Carahsoft is proud to host the Federal Mobility Summit at our office in Reston, Virginia and holds an ATARC membership, immersing further into the Federal IT community. 

Open RAN GLOBAL FORUM 

September 24 | Virtual 

Open RAN, or Open Radio Access Network, is an evolving shift of industry standards and mobile architecture so that service providers can use equipment from multiple vendors while ensuring interoperability. The Open RAN Global Forum brings industry experts and Government together to delve into the latest updates for Open RAN including the role Open RAN will play in 6G, focusing on energy-efficient, AI-driven and customizable technology. Featuring interviews, live discussions and demos, attendees will learn more about adoption challenges and progress surrounding tier-one telecom operators’ roadmaps. Other key themes featured at this year’s event include examining the growth of AI and automation in RIC, exploring Open RAN economics and capitalization opportunities, testing and reducing energy consumption and more. 

Carahsoft partners and mobile carriers Verizon and T-Mobile will be featured at Open RAN GLOBAL FORUM.

Mobile World Congress 

October 8-10 | Las Vegas, Nevada 

Prepare for the new era of hyperconnected business and smart cities or procure technology that can be deployed right now to make legacy systems and existing processes faster, easier and more resilient with industrial-grade 5G. At Mobile World Congress, explore technology themes like enterprise transformation, AI networks and 5G EdgeCloud with 5G leaders, architects and systems integrators, as well as CIOs from successful 5G enterprises, and discover how this technology can solve today’s biggest industry challenges.  

Carahsoft partners Verizon, Qualcomm and Microsoft will be featured at this year’s MWC. 

5G Round Table Webinar Series 

October 3 & November 14 | Virtual 

This fall, join us for two 5G Round Table sessions featuring real-world insights from Intel and T-Mobile. Hear from thought leaders from Government and industry outlining developments in 5G network rollouts at agencies and the ways 5G can be harnessed to open new opportunities to meet agencies’ unique missions. 

Carahsoft will be hosting this event alongside FedInsider. CPE credits will be provided for qualified participants. 

AutoCon 2 

November 18-22 | Denver, CO 

Full adoption of network automation is a continuing challenge for the mobility community, one that innovators at AUTOCON 2 hope to solve. The first, single, in-person event was a foundational moment for collaborators to advance the state of automated network operations. Now, the founders of the event are working to grow AutoCon into a recurring series of practitioner-focused events. This fall’s event will feature informational conference sessions, workshops and networking opportunities.

Carahsoft partners Nokia and Arista will be featured at AUTOCON 2. 

Carahsoft’s 5G Podcast Series 

Multiple Events | Virtual 

Carahsoft’s podcast series dives into the world of 5G technology solutions, featuring expert insights from industry leaders. Explore sessions on the strategic advantages and key technologies for 5G, relevant applications of 5G for Federal, State and Local Governments and specific agency use cases such as the transformative success stories, learning curves and future objectives of 5G for the Department of Defense. Don’t miss out on this opportunity to impact the power and possibilities of 5G technology.  

To learn more or get involved in any of the above events please contact us at 5G@carahsoft.com. For more information on Carahsoft and our industry leading Cybersecurity technology partners’ events, visit our 5G Solutions Portfolio and 5G Events page.  

The Basics of Cybersecurity for Critical Infrastructure

In July 2021, the presidential administration signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. As these systems are a part of daily life, any damage to them would be a significant threat to national security. To prevent a national crisis, the administration launched an effort to improve cybersecurity across critical infrastructure sectors. The first part of this four-part blog series will cover the basics of critical infrastructure cybersecurity. Subsequent blogs will dive deeper into the Water and Wastewater, Electric and Utility and Transportation sectors respectively.

Realities of Critical Infrastructure Environments

Increasing Industrial Control Systems (ICS) security ranks as a top priority for protecting critical US infrastructure and national security. An ICS is an information system that is used to control industrial processes such as manufacturing, product handling, production and distribution. These information systems can face a variety of threats from foreign and national bad actors who aim to gather intelligence and disrupt critical functions. With evolving technology, ICS operators must ensure that they implement new cybersecurity functions when connecting Operational Technology (OT) and Internet of Things (IoT) devices to Information Technology (IT) systems.

Best security practices for ICS include:

  • Restricting logical access to the system’s network and activity through protections such as firewalls to pause network traffic
  • Implementing unidirectional gateways
  • Restricting physical access to the ICS devices and network to avoid disruptions to the system’s functionality
  • Securing all ICS individual components
  • Protecting against unauthorized data changes through network oversight
  • Having a response plan for potential incidents[1]

CISA’s Cybersecurity Performance Goals

Section 4 of the National Security Memorandum required the Department of Homeland Security to create baseline cybersecurity guidelines.

To further advance this, the Cybersecurity and Infrastructure Security Agency (CISA) has released a number of initiatives for agencies to implement that would strengthen their security systems. Every day, CISA works with ICS asset owners and operators to help them identify, protect against and detect cybersecurity threats, as well as to enhance ICS technical, analytical and response capabilities. CISA is working hard with critical infrastructure organizations to improve on the common issues they see, including:

  • Without basic security protections and foundational measures, critical infrastructure systems are vulnerable to exploit by methods that are easily preventable.
  • Limitation of resources continues to be a challenge for small- and medium-sized organizations.
  • There are inconsistencies in the standards for cyber maturity across the various critical infrastructure sectors, leaving security gaps that can be exploited.
  • Cybersecurity in IT systems is prioritized, leaving OT systems overlooked and outdated.

CISA offers a wide array of resources to help critical infrastructure organizations. These include the 2022 Cybersecurity Performance Goals (the CPGs). The CPGs are intended to be voluntary and are not comprehensive: agencies are not mandated to implement them, and they do not include every helpful cybersecurity practice for every organization. Rather, they are intended as a beginner guideline that can be communicated to a non-technical audience. The CPGs were set as a baseline set of cybersecurity practices that are broadly applicable across critical infrastructure and have known risk-reduction value for IT and OT owners. Lastly, the CPGs stand out from other control frameworks by considering not only practices that address risk to individual entities, but also the aggregate risk to the nation.[2]

The Cross-Sector Cybersecurity Performance Goals provide a set of IT and OT cybersecurity practices that will help organizations increase cyber resilience in their Critical Infrastructure systems. CISA has organized the practices into 8 categories:

  • Account Security
  • Device Security
  • Data Security
  • Governance and Training
  • Vulnerability Management
  • Supply Chain / Third Party
  • Response and Recovery
  • Other

In March 2023, CISA released an updated version of the CPGs that includes key updates to the October 2022 guidelines:

  • The CPGs have been reordered to fit the NIST CSF functions, and accompanying documents have been adjusted to reflect this.
  • The Multifactor Authentication (MFA) goal has been updated to reflect the most recent CISA guidelines.
  • To aid in organizations’ recovery planning, CISA added a goal based around GitHub feedback.
  • There were slight changes made to the glossary to not only reflect the previously listed changes, but to acknowledge additional stakeholders who’ve contributed to the guidelines.

To better connect with the greater community, there are now additional opportunities to provide input on the goals through the CISA discussion page. CISA welcomes feedback from partners in cybersecurity and critical infrastructure communities.

Check back to read our second installment of this critical infrastructure series that will cover the best cybersecurity practices in the water and wastewater sectors.

 

To learn more about protecting agencies against cyber-attacks, visit Carahsoft’s Cybersecurity Solutions Portfolio.

 

Resources:

[1] “Recommended Cybersecurity Practices for Industrial Control Systems,” CISA, https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

[2] “Cross-Sector Cybersecurity Performance Goals,” CISA, https://www.cisa.gov/cross-sector-cybersecurity-performance-goals