Tightening Federal OT Cyber Incident Reporting For Critical Infrastructure

Posted on by Michael G. "Schu" Schumacher

Process-Oriented OT Cybersecurity with SIGA

Federal agencies and regulated operators of critical infrastructure are entering a new phase in operational technology (OT) cybersecurity. While many sectors have long followed voluntary guidance such as the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-82 Revision 3, recent years have seen a steady tightening of Federal cyber incident reporting requirements for critical infrastructure. This trend continues in 2025 with additional sector-specific rules taking effect and the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) moving toward its final rule.

From Guidance to Requirements

Federal oversight of OT cybersecurity has moved beyond broad guidelines into a phase where specific reporting obligations are being set by sector. The shift reflects a growing emphasis on timely and consistent incident data that can be used for coordinated national response.

In 2025, several key developments are shaping the landscape:

Federal OT Cyber Incident Reporting, blog, embedded image, 2025

Pipelines: The Transportation Security Administration (TSA) Security Directive Pipeline-2021-02F, effective May 3, 2025, continues to require mitigation measures, testing and contingency planning for pipeline operators. These measures have been in place since the Colonial Pipeline incident and are now firmly embedded in regulatory practice.
Water and Wastewater: The EPA Water Sector Cybersecurity Program has updated its technical assistance and incident-response guidance. While participation is voluntary, the program mirrors many of the practices found in regulated sectors, indicating where expectations are headed.
CIRCIA: The Act is expected to be finalized in late 2025. Once in effect, it will require reporting significant incidents within 72 hours and ransomware payments within 24 hours, creating a cross-sector Federal baseline for incident reporting.

For Public Sector operators in energy, transportation, water and other essential services, these actions confirm that Federal expectations are moving toward consistent, evidence-based incident reporting across critical infrastructure.

The Reporting Challenge in OT Environments

Meeting Federal reporting requirements depends not only on having the right policies in place but also on the ability to detect and verify incidents quickly. In OT environments, many cyber events start as small changes in process behavior that do not appear in traditional network monitoring. When these early signs go unnoticed, agencies may be unable to confirm the incident, assess its impact or provide the detailed operational evidence that regulators require.

In the Purdue Enterprise Reference Architecture (commonly referred to as the Purdue Model), Level Zero refers to the lowest layer of an industrial control system. This is where raw input and output (I/O) signals from field devices report the actual status of equipment such as pumps, valves, circuit breakers and turbines. These electrical signals are the first and most reliable indicators of what is happening in a physical process, and they exist independently of the network data that higher levels use.

Without visibility into Level Zero, operators face several obstacles:

Difficulty confirming whether a cyber event has actually affected operations
Limited ability to quantify operational and safety impacts with precision
Gaps in the time-stamped evidence needed to meet short Federal reporting windows

The challenge is heightened in environments that mix aging legacy systems with modernized control platforms. These environments often lack unified monitoring, making it harder to capture the unaltered operational data regulators now expect.

Why Process-Oriented OT Cybersecurity Matters

In the Purdue Model, Level Zero is the process interface where the control system reads and drives raw I/O signals. Those unprocessed signals provide the closest, most reliable view of real operating conditions, so early signs of a cyber-physical impact frequently show up there first.

Process-oriented OT cybersecurity focuses on monitoring these raw signals in real time. By capturing them out of band from the operational network, agencies gain a trusted source of truth that cannot be spoofed or altered by a network-based attack. This data enables:

Clear timelines of operational changes before, during and after an incident
Early detection of anomalies that may indicate tampering or failure
Reliable forensic evidence for post-incident reporting and compliance audits

This approach bridges the gap between traditional IT security tools and the operational realities of critical infrastructure, ensuring that reporting requirements can be met with both speed and accuracy.

SIGA’s Role in Compliance Readiness

SIGA delivers process-oriented OT cybersecurity for critical infrastructure. SigaGuard connects directly to control-system I/O modules and continuously monitors raw electrical signals at Level 0, entirely out of band from the operational network. This preserves system performance and provides a tamper-proof view of operational data.

SigaGuardX: Early Threat Detection
SigaGuardX supports evidence-based determination of when a cyber event is underway. It classifies whether activity reflects normal operations or an OT cyber breach by applying multiple artificial intelligence (AI) models and cross-referencing the MITRE database of known attacks. It also performs real-time comparisons between Level 0 signal behavior and data from Levels 1 through 4 to surface possible false-data injection attacks, including Stuxnet-like patterns.

Siga-PAS: Process Attack Simulation
Software-based simulated anomalies replicate real-world attack scenarios. Siga-PAS enables agencies to prepare for and respond to OT-specific threats without disrupting ongoing operations, while validating detection logic, incident playbooks and reporting workflows.

Compliance Outcomes

High-fidelity operational evidence that aligns with CIRCIA and sector-specific reporting requirements
Regulator-ready forensic records of sequence, scope and impact
Faster reporting through actionable alerts with operational context
Rapid verification of whether a cyber event affected critical processes

By integrating SIGA’s Level 0 monitoring into existing security operations, agencies can meet tightening Federal reporting requirements and improve their ability to detect, contain and recover from OT cyber incidents. This strengthens both regulatory compliance and the continuity of essential public services.

Visit Carahsoft’s SIGA solutions page to learn more about how SIGA’s cyber-physical security solutions can strengthen your agency’s infrastructure.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SIGA, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Clear the Path to Rebuilding: Laserfiche Can Speed Up Permitting and Recovery

Posted on by Andy MacIsaac

The LA wildfires left behind more than just burned homes and scorched landscapes. They left thousands of residents waiting—waiting to rebuild, waiting for approvals, waiting for their lives to return to normal.

For local governments, the challenge is not about issuing permits; it’s about restoring hope and stability. And they need to do it as quickly as possible. But the traditional permitting process wasn’t designed for disasters. It’s slow, paper-heavy and frustrating for both officials and residents.

What if there was a way to cut through the backlog and get permits approved faster? Laserfiche is an industry-leading ECM platform that makes that possible.

When Every Day Counts

Imagine a homeowner who lost everything in the fire. They have insurance money ready, a contractor lined up and blueprints in hand. But before they can break ground, they need permits.

They submit their application, but local permitting offices are overwhelmed. Stacks of paperwork cover desks, phone lines are busy and approvals move at a snail’s pace. Weeks turn into months. Frustration builds.

Laserfiche Permitting and Recovery Blog Embedded Image 2025

Now, imagine a different scenario. The homeowner submits their permit online through a simple portal. The system automatically routes their application to the right department. Any missing information is flagged upfront. Officials review and approve it digitally, cutting out unnecessary back-and-forth. The homeowner gets their permit in days instead of weeks.

That’s the power of Laserfiche.

Make Permitting Faster and Easier

Laserfiche transforms outdated, manual permitting into a fast, automated process. This automation helps local governments do more with less and keep up with demand.

Digital Applications Instead of Paper Piles

Rather than requiring residents to stand in line at government offices, Laserfiche allows them to:

Submit applications and supporting documents online
Track their permit status in real time
Receive digital approvals without having to visit multiple offices

For government teams, this means fewer phone calls, fewer lost documents, and a smoother process from start to finish.

Streamline Workflows and Boost Efficiency with Automation After a wildfire, the volume of permit requests can overwhelm city staff. Laserfiche eliminates bottlenecks by:

Automatically routing applications to the right people for review
Sending notifications when approvals are needed
Setting up reminders so permits don’t get stuck in the system

This keeps things moving, reducing unnecessary delays and helping homeowners start rebuilding sooner.

Make Smarter Decisions with GIS

Rebuilding isn’t just about speed—it’s also about safety. Some areas may be too fire-prone to redevelop with standard building practices. Some properties may need extra environmental and safety reviews before construction can begin.

Laserfiche connects directly with Esri ArcGIS, allowing officials to:

Link permits and inspection reports to real-time maps
Identify high-risk zones and flag permits that need extra review
Track rebuilding progress across the entire community

By combining permitting data with GIS mapping, governments can make informed, responsible decisions. These decisions can help protect communities and property owners from future disasters.

Keeping Up with FEMA and State Requirements

For local governments, disaster recovery isn’t just about issuing permit. It is about making sure everything is documented to receive state and federal funding.

Laserfiche simplifies compliance by:

Storing all permit records in a centralized, searchable system
Automatically tracking approvals, inspections, and changes
Generating reports for FEMA and state agencies without digging through stacks of paper

This ensures local governments don’t miss out on critical funding due to missing paperwork or lost records.

Keep Communities Informed in the Recovery Process

For residents affected by wildfires or disaster, waiting for a permit can feel like waiting in the dark. When will their application be reviewed? Where does it stand in the process? What else do they need to provide?

Laserfiche helps keep communities informed by:

Enabling residents to check their permit status via a a public-facing portal
Making information easily accessible by streamlining public records requests
Improving collaboration between departments so everyone stays on the same page

When people know what’s happening, trust in the process grows—and so does confidence in their local government.

Rebuilding Faster, Together

The wildfires may have destroyed homes, but they didn’t destroy the spirit of the communities they touched. Local governments have the power to clear the way for faster rebuilding—and Laserfiche can help.

With content management, automated approvals, GIS integration, and better compliance tools, cities and counties can:

Reduce permit approval times from weeks to days
Prevent paperwork delays and lost documents
Ensure compliance with FEMA and state regulations
Speed up inspections and safe rebuilding efforts
Improve communication and transparency for residents

For families and business owners eager to rebuild, every day matters. The faster the permits are issued, the sooner construction begins, and the sooner life can return to normal.

Let’s Get Started

If your city or county is struggling with permitting delays after the wildfires, Laserfiche can help. Contact us today to see how our automation and workflow solutions can support your recovery efforts. See why Laserfiche is a Leader.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Laserfiche, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Leveraging Technology to Align with Environmental, Social and Governance Principles

Posted on by Jennifer Heath and Stephen Pyatt

Sustainability has evolved from a buzzword to a core element of facility management and corporate real estate. Facility managers and real estate leaders have a duty beyond regulations to meet Net Zero targets and reduce buildings’ environmental impact. Johnson Controls’ recent sustainability report highlighted that nearly 40% of global CO₂ emissions come from corporate real estate and office buildings, emphasizing the need to reduce emissions and energy use. Despite investments in smart building technologies and clean energy, global energy consumption and CO₂ emissions continue to rise. Embracing technology-driven sustainability helps facility managers optimize energy use, reduce emissions and create efficient, self-regulating buildings that align with Environmental, Social and Governance (ESG) principles.

Strengthening Risk Management with AI

FM:Systems Technology Environmental, Social and Governance Principles Blog Embedded Image 2024

As sustainability becomes a core focus in facility management, advancements in technology are reshaping how facilities are managed beyond environmental goals. Integrating artificial intelligence (AI) and smart building technology is now key to anticipating and responding to extreme events, like hurricanes, floods and earthquakes, adding a new layer to strategic management. The 2024 International Facility Management Association (IFMA) conference emphasized using building automation to assess facility vulnerabilities and centralized data to enable immediate, coordinated emergency responses.

AI also boosts operational safety and security by enhancing access tracking and visitor management. In emergencies such as fires or security threats, AI-driven solutions quickly identify occupants, aiding efficient evacuations with real-time alerts. These systems also support compliance with data privacy regulations like the General Data Protection Regulation (GDPR), ensuring strict data handling protocols.

Overall, integrating AI and smart building technology strengthens risk management, streamlines emergency responses and maintains data compliance, empowering facility managers to better protect people and assets.

The Innovation of Asset Maintenance in Buildings

While AI-driven risk management strengthens emergency response and security, smart building technologies are redefining day-to-day operations. Traditionally, buildings operated with isolated systems located in basements or ceilings. Connected buildings introduced monitoring for energy use through one or two systems. Smart buildings advance this by integrating building management systems (BMS) with various data sources to enhance performance, aiming for autonomous buildings powered by advanced AI to make decisions, recommend actions and predict failures.

A transformative tool in this field is the digital twin—a precise digital replica of a building and its operations. Internet of Things (IoT) sensors connect digital twins to building systems, allowing facility managers to predict system performance, such as HVAC efficiency during temperature spikes. Digital twins analyze real-time data for predictive scheduling and store essential asset documents like Original Equipment Manufacturer (OEM) manuals, accelerating issue resolution and improving efficiency. This shift enables proactive maintenance, reducing downtime and maximizing system availability.

Smart technology automates maintenance to optimize resources. For example, analyzing room bookings can guide maintenance efforts, avoiding unnecessary checks on unused spaces. Flow sensors in restrooms enable maintenance based on usage, saving time and resources. Real-time visualization of performance allows buildings to communicate with managers and prompt adaptive responses. Autonomous buildings can alert managers, suggest solutions and initiate corrective actions.

As facility managers adopt these innovations, focusing on data collection and analysis is crucial for optimizing operations. Transitioning to smart, autonomous buildings revolutionizes maintenance strategies and creates high-performing workplaces. Leveraging data from digital twins and IoT systems enhances decision-making, resource allocation and sustainable building management.

Supporting and Enhancing the Employee Experience

Optimizing facility systems through digital twins and IoT sensors paves the way for more than just operational efficiency. Real-time environmental adjustments support an organization’s most valuable asset: its people. Environmental data has become essential as employees prioritize well-being and productivity, especially after the COVID-19 pandemic underscored the impact of air quality on health. “Cognitive ergonomics” refers to how factors like air quality, lighting and sound affect cognitive abilities. Harvard partnered with Syracuse University and SUNY Upstate Medical University to conduct research into whether working in a “green building” resulted in better cognitive performance than “non-green buildings. Poor air quality is shown to cause fatigue, headaches and decreased focus, impairing productivity. According to the Harvard School of Public Health, improving workplace indoor air quality can increase employee productivity by up to $6,500 per person per year.

Inclusivity should also be central to workplace technology. AI-driven accessibility tools, such as text alternatives for signage, text-to-speech in lobbies and automated meeting transcriptions, ensure user-friendly experiences for all. Adhering to standards like the Web Content Accessibility Guidelines (WCAG) establishes sustainable, accessible workplace technology.

Focusing on employee experience helps facilities teams create adaptable, inclusive workspaces that boost well-being and productivity. Leveraging real-time environmental data and accessible technology ensures workplaces remain supportive, sustainable and responsive to employees’ needs.

While real-time adjustments enhance employee well-being and inclusivity, facility managers are also experiencing a broader shift in their roles. This evolution, driven by data and AI, transforms facility management from a reactive approach to proactive and strategic, demonstrating the transformative power of technology. By leveraging these tools, facility managers can align operational strategies with ESG objectives and Net Zero targets, creating workplaces that are sustainable, efficient and supportive of their greatest asset: people.

Watch FM:Systems’ webinar “People, Places, Planet: Leveraging Technology to Integrate ESG into FM Operations” to dive deeper into cutting-edge strategies and best practices that empower facility managers to drive innovation and enhance operational performance.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including FM:Systems, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Top Upcoming 5G Events for Government to Attend

Posted on by Mark DeMerse

Secure Public Sector networks with 5G wireless technology delivers high-speed wireless connectivity, faster data rates and lower latency for systems and communities across the nation. This next-generation mobile network enables the expansion of virtual reality (VR) and the Internet of Things (IoT) solutions. While many successful use cases have recently emerged showcasing the power of 5G in Government, Carahsoft partners are supporting agencies by providing powerful cellular networks and maintaining reliable mobile connections to achieve mission success without compromising security within workflows.

Explore more ways to leverage Carahsoft and our partners through our various upcoming Government events. Learn about acceleration of real-time delivery from devices, increased adoption of AI and multiaccess edge computing technologies (MEC) and other innovations from leading 5G technology service providers.

5G Summit

August 22 | Reston, VA

5G networks have become more common over the past few years. One study found that 5G’s worldwide share of mobile data traffic in 2021 was about 10% – but expected to grow to 60% by 2027. Government agencies are more selective when it comes to adopting 5G for their networks, partially due to higher costs associated with deploying such networks as well as unique requirements very large organizations such as the Department of Defense pose. Join thought leaders from Government and industry as they outline developments in 5G network rollouts at agencies and the ways 5G can be harnessed to open new opportunities to meet agencies’ various missions.

Sessions to look out for:

5G is at the Heart of CJADC2

5G’s Role in Modernization

The Future of 5G Technology in Government

Carahsoft is hosting this year’s 5G Summit alongside FedInsider, Cradlepoint, Nokia, Intel, T-Mobile, and Dell Technologies providing the latest management news from inside the Government.

T-Mobile Tech Experience: 5G Hub

August 27 | Bellevue, WA

Carahsoft Top 5G Events Blog Embedded Image 2024

Inaugurated in 2016, the Tech Experience has set out to create innovative and engaging experiences to inspire the industry to turn concepts into tangible, transformative solutions. The T-Mobile 5G Hub offers opportunities to meet with engineers, immerse in technology demonstrations and gain other valuable resources. At the event, hear directly from project partners about the successful projects crafted within the 5G Hub, explore video testimonials showcasing T-Mobile’s facilities, technology, expertise and partnerships, and get ready to participate in ample networking sessions.

Carahsoft partners AWS, Dell Technologies, Nokia, Ericsson, Microsoft, Google Cloud and Qualcomm will be featured at the 2024 T-Mobile Tech Experience.

ATARC Federal Mobility Summit

September 19 | Reston, VA

ATARC, the Advanced Technology Academic Research Center, and Carahsoft invite attendees to a day full of networking, innovation and collaboration within the world of federal mobility. At the Federal Mobility Summit, industry experts and leaders in Government will explore the latest trends and updates in mobile technology such as security, Zero Trust, acquisition, best practices and emerging solutions. Connect with peers and gain valuable insights into the future of mobility in the federal sector.

Sessions to look out for:

Securing Mobile Technologies: Identity, Zero Trust, and Threats

Navigating Mobile Acquisitions: Strategies and Best Practices

Next-Generation Networks: 5G, 6G, and Their Impact

Mission Enablement: Tools and Technologies for Success

Carahsoft is proud to host the Federal Mobility Summit at our office in Reston, Virginia and holds an ATARC membership, immersing further into the Federal IT community.

Open RAN GLOBAL FORUM

September 24 | Virtual

Open RAN, or Open Radio Access Network, is an evolving shift of industry standards and mobile architecture so that service providers can use equipment from multiple vendors while ensuring interoperability. The Open RAN Global Forum brings industry experts and Government together to delve into the latest updates for Open RAN including the role Open RAN will play in 6G, focusing on energy-efficient, AI-driven and customizable technology. Featuring interviews, live discussions and demos, attendees will learn more about adoption challenges and progress surrounding tier-one telecom operators’ roadmaps. Other key themes featured at this year’s event include examining the growth of AI and automation in RIC, exploring Open RAN economics and capitalization opportunities, testing and reducing energy consumption and more.

Carahsoft partners and mobile carries Verizon and T-Mobile will be featured at Open RAN GLOBAL FORUM.

Mobile World Congress

October 8-10 | Las Vegas, Nevada

Prepare for the new era of hyperconnected business and smart cities or procure technology that can be deployed right now to make legacy systems and existing processes faster, easier and more resilient with industrial-grade 5G. At Mobile World Congress, explore technology themes like enterprise transformation, AI networks and 5G EdgeCloud with 5G leaders, architects and systems integrators, as well as CIOs from successful 5G enterprises, and discover how this technology can solve today’s biggest industry challenges.

Carahsoft partners Verizon, Qualcomm and Microsoft will be featured at this year’s MWC.

5G Round Table Webinar Series

October 3 & November 14 | Virtual

This fall, join us for two 5G Round Table sessions featuring real-world insights from Intel and T-Mobile. Hear from thought leaders from Government and industry outlining developments in 5G network rollouts at agencies and the ways 5G can be harnessed to open new opportunities to meet agencies’ unique missions.

Carahsoft will be hosting this event alongside FedInsider. CPE credits will be provided for qualified participants.

AutoCon 2

November 18-22 | Denver, CO

Full adoption of network automation is a continuous challenge for the mobility community that innovators at AUTOCON 2 hope to discover a solution for. The first, single, in-person event was a foundational moment for collaborators to advance the state of automated network operations. Now, the founders of the event are working to grow AutoCon into a recurring series of practitioner-focused events. This fall’s event will feature informational conference sessions, workshops and networking opportunities.

Carahsoft partners Nokia and Arista will be featured at AUTOCON 2.

Carahsoft’s 5G Podcast Series

Multiple Events | Virtual

Carahsoft’s podcast series dives into the world of 5G technology solutions, featuring expert insights from industry leaders. Explore sessions on the strategic advantages and key technologies for 5G, relevant applications of 5G for Federal, State and Local Governments and specific agency use cases such as the transformative success stories, learning curves and future objectives of 5G for the Department of Defense. Don’t miss out on this opportunity to impact the power and possibilities of 5G technology.

To learn more or get involved in any of the above events please contact us at 5G@carahsoft.com. For more information on Carahsoft and our industry leading Cybersecurity technology partners’ events, visit our 5G Solutions Portfolio and 5G Events page. 

| Carahsoft

Tag Archives: Smart Cities