Tag Archives: NSA

Critical Infrastructure in Cybersecurity: Modernizing the Electric and Utilities Sector

Posted on by
Reply

After the ransomware attack on Colonial Pipeline in 2021 and other notable events, the presidential administration has diligently worked to improve the cybersecurity posture of critical infrastructure in the United States. Several Government agencies, such as the Department of Energy (DOE) Cybersecurity, Energy Security and Emergency Response (CESER), the National Security Agency (NSA), Cybersecurity Infrastructure Security Agency (CISA), and private sector Electric & Utility Industry have joined to refine and boost cybersecurity in the Electric and Utilities sector.

Standards for the Electric and Utility Sector

Since 2021, the White House has put forth the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, an initiative that aims to safeguard the critical infrastructure of the nation. The Memorandum specifies that the Electricity Subsector was the pilot effort in its Initiative. In acknowledgement of the Memorandum, at least 150 electric utilities have or will adopt operational technology (OT) and Industrial Control Systems (ICS) security and improved the visibility, detection and monitoring of critical electricity networks. Further reinforcing the memo, in March of 2023, the Presidential Administration announced a national cybersecurity strategy that strives to create a secure digital ecosystem reinforced with the National Cybersecurity Strategy.

Control systems experts that work with DOE CESER, CISA and the NSA have developed a set of ICS security considerations. These considerations aim to enhance and monitor the detection, mitigation and forensic capabilities for OT owners and operators.

The ICS/OT cybersecurity evaluating and monitoring technology guidelines are recommendations rather than mandates. They include but are not limited to:

  • Building technology for ICS networks with integration compatibility for ICS protocols and communications
  • Adding sensor-based continuous network cybersecurity monitoring, detection and facilitation of response capabilities for both ICS and OT
  • Creating a collective defense capability framework for software so that Federal Government partners and trusted organizations can share insights and detections
  • Utilizing passive deployment and isolation technologies to protect sensitive information
  • Securing technology against access credential misuse[1]

These guidelines aim to improve system security and visibility with Government partners.

Carahsoft Cybersecurity for Utilities Blog 3 Embedded Image 2023Financing the Security Movement

To help fulfill the National Security Memorandum promise, the current administration has released the Bipartisan Infrastructure Law, which authorizes up to $250 million to enhance the cybersecurity resilience of rural, municipal, and small private electric utilities. The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance (RMUC) Program has utilized the law to help improve energy systems, processes, assets, incident response and cybersecurity skills in eligible agencies within the utility workforce. Nearly one in six Americans live in remote or rural communities with inadequate funding and infrastructure for updated technology and modern systems.[2] The RMUC Program pledges financial and technical assistance to help these communities, as well as small investor-owned electric utilities, to improve vital security functions such as operational capabilities and to provide cybersecurity services access and threat-sharing programs.  In August 2023, the program pledged a prize pool of $8.96 million dollars in competitive funding and technical assistance to enable municipal and small investor-owned utilities to advance their training and cybersecurity.[3]

By ensuring secure and reliable power to all customers, RMUC will help finance cybersecurity, as well as help fulfill another of the current administration’s goals of a net-zero carbon economy by 2050.

Cleaning Up Energy

In developing the clean energy sector, the Administration aims to mold the digital ecosystem to be more defensible, resilient and aligned with American values. This strategy will invest in the future by defending the energy sector and reinforcing clean-energy critical infrastructures.[4] To aid in the battle for clean energy through cybersecurity innovation, Clean Energy Cybersecurity Accelerator (CECA) will make cybersecurity accessible via collaboration with public and private expertise. To do so, CECA will assess all ICS assets that are connected to a utility’s infrastructure. Any ICS with potential wide-reaching impact is evaluated against physical and virtual attacks in a test lab, allowing CECA to mend any security holes. Aiming to achieve carbon-free electricity by 2035, the DOE has announced hundreds of funding opportunities, including funding for the Fossil Energy and Carbon Management (FECM) office.[5]

Through the collaboration of several key Government agencies and the tech industry, the Electric and Utilities sector is on the way to being secure, reliable and accessible to all.

The first two parts of this four-part blog series covered the basics of critical infrastructure cybersecurity, as well as an overview of the Water and Wastewater Sector. Following this third part, the fourth and final blog will dive deeper into the Transportation sector.

 

To learn more about how agencies can bolster their cybersecurity efforts within critical infrastructure, visit Carahsoft’s Cybersecurity Solutions Portfolio.

Sources

[1] “Considerations for ICS/OT Cybersecurity Monitoring Technologies,” Office of Cybersecurity, Energy Security and Emergency Response, https://www.energy.gov/ceser/considerations-icsot-cybersecurity-monitoring-technologies

[2] “Biden-Harris Administration Launches $250 Million Program to Strengthen Energy Security for Rural Communities,” Department of Energy, https://www.energy.gov/articles/biden-harris-administration-launches-250-million-program-strengthen-energy-security-rural

[3] “New Prize Supports Rural and Municipal Utilities in Strengthening Cybersecurity Posture,” NREL, https://www.nrel.gov/news/program/2023/new-prize-supports-rural-and-municipal-utilities-in-strengthening-cybersecurity-posture.html

[4] “Fact Sheet: Biden-Harris Administration Announces National Cybersecurity Strategy,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

[5] “Funding Notice: Critical Materials Innovation, Efficiency and Alternatives,” Energy.gov: Office of Fossil Energy and Carbon Management, https://www.energy.gov/fecm/funding-notice-critical-materials-innovation-efficiency-and-alternatives

Powering Secure Federal R&D Collaboration with Box

Posted on by
Reply

The federal government funds about 22% of US research and development (R&D), with $708 billion spent in 2020 alone.

It’s an enormous — and critical— expense, driving innovation across dozens of industries, economic growth, breakthroughs, and even scientific discoveries. And the effective exchange of ideas between researchers across academic fields and disciplines is what makes it all possible.

Research areas like renewable energy, national defense, transportation, communication, and the environment are intrinsic to US security and prosperity. That leaves no time for outdated software, poor R&D collaboration practices and unreliable budget allocations.

Box Powering Secure R&D Collaboration Blog Embedded Image 2022

You need real-time, secure collaboration inside and outside organizations — across research teams, universities and industries. With the Content Cloud, federal agencies get a secure, digital content platform to share and edit documents, presentations, spreadsheets and other unstructured content in real time. Box brings teams together – both inside and outside the agency – with a secure content layer for unstructured data across every application.

Moving beyond storage solutions to a content platform

Many agencies are in different stages of their cloud journey and use different technologies such as Microsoft Office 365, Google, or single task software applications to perform similar tasks. Researchers, when faced with ineffective tools, often download unsanctioned file-sharing collaboration platforms to compensate in order to get their jobs done.

Box gives you a standardized platform to streamline and secure file sharing and settle on a true content strategy. With end users in mind, Box creates a seamless, easy-to-use environment that deploys quickly, so teams achieve their missions

Secure external collaboration

Before Box, teams lacked secure, compliant, and intuitive content collaboration tools. Agency employees resorted to legacy file transfer protocol (FTP) sites, email, USB, and other unsecured tools to share information.

That’s all changing. Box holds strong partnerships in the National Lab community to foster a productive R&D environment through a secure, user-friendly, standardized and governed platform. Working with organizations like the National Security Agency (NSA), the National Institute of Health (NIH), the Food and Drug Administration (FDA), NASA, the Department of Veterans Affairs (VA), and the Department of Defense (DoD), Box has improved workflows, created custom portals, streamlined external collaboration, and provided built-in, e-signature capabilities.

Securely connect your content across 1,500+ apps

For agency administrators, Box brings real-time control and visibility to the back end for auditing and reporting on all actions across the enterprise for IT organizations. Box comes standard with over 1,500 integrations, connectable through prebuilt APIs or development frameworks. An average government agency utilizes approximately 200 different software applications, all of which host data within their own silos, creating a chaotic and fragmented content problem for researchers. Agencies that move to the Content Cloud easily integrate these applications for seamless research experiences.

How the FDA leverages Box for secure collaboration

Box has partnered with the FDA since 2017, focusing on secure external data sharing and collaboration with different industry partners, medical institutions, and academic research universities across all FDA mission areas. During COVID, we saw a large uptick in Box usage as agencies transitioned to remote work. Box enabled secure data sharing between consumer safety officers and medical facilities to help support remote safety inspections for the Office of Regulatory Affairs.

How Box enables the NIH to securely share research

The National Institute of Health (NIH) and Box have partnered together for over seven years. Box is used extensively across all research teams and all 27 institutes and centers. Like many government and commercial organizations, the NIH faced remote work challenges. Our platform expedited its secure data sharing and external collaboration with academia and different research institutions for critical biomedical research. The ease of use (and the ability to support different types of content) allows researchers to view, share and edit reports and images. The IT team at NIH leverages our granular security and access controls, along with daily audits and reports about Box user activity.

NASA and Box elevate work with the Content Cloud

After a security sweep across its network, NASA found many unauthorized file sharing services and poor file sharing practices across its teams. To improve R&D collaboration security, in seeking solutions with strong security posture, the organization narrowed its search to a few vendors that included Box. Box then launched a pilot with NASA with a small group of users to secure its platform through the Authorization to Operate (ATO) process with NASA security teams to ensure all controls and standards in the Federal Information Security Modernization Act (FISMA) were achieved. After receiving positive feedback from its customer base and researchers, Box was adopted across NASA, which allowed them to examine and secure their network. Box is now the only collaboration platform approved for NASA employees to handle ITAR data.

Download Box’s Tech Spotlight , “Streamlining Secure Federal Research and Development Collaboration,” to learn about our secure digital content platform and data sharing best practices.