Boost critical infrastructure with a cybersecurity convergence model
In a recent article, Stratascale’s David Beidelman perfectly outlined the growing public frustration and ire over high-profile cybersecurity breaches that significantly affect our nation’s critical infrastructure. For instance, the recent Colonial Pipeline ransomware attack was anything but “isolated.” After hackers gained access to Colonial’s pipeline operations, a ripple effect followed, resulting in spikes in consumer gasoline prices and gas hoarding over fears of an impending shortage.
What do instances such as Colonial say about the state of our critical infrastructure?
It is not good. Gone are the days when cybersecurity breaches were siloed, primarily affecting the victim’s bottom line with little impact on the greater public. As the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) frames the larger issue:
“Today’s threats are a result of hybrid attacks targeting both physical and cyber assets. The adoption and integration of Internet of Things (IoT) and industrial Internet of Things (IIoT) have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.”
Further compounding the larger issue, 85% of America’s critical infrastructure is privately owned, meaning electrical grids, water systems, pipelines and more do not follow strict cybersecurity guidelines prescribed by federal agencies.
However, your security teams have options.
Adopting CISA’s convergence model (the formal collaboration between previously disjointed security functions) is a great starting place. An integrated threat management strategy such as the convergence model offers several benefits for organizations of all sizes, including streamlined security functions, cross-training, security information sharing across the organization, integrated views into security threats and more.
At the core of CISA’s convergence model is a mutual understanding that successful cybersecurity programs operate on the foundations of communication, coordination and collaboration. Here is a brief guide from CISA on what a successful convergence model looks like for a given organization:
Not ready to converge?
Stratascale’s approach is quite simple. It starts with understanding our customers, their IT environments, and business challenges. This gives us the opportunity to find the “right” solutions to address customer challenges. Our cybersecurity staff knows that effective cybersecurity isn’t just about finding a technical solution that addresses a need. It is a balancing act! It requires finding and implementing the right solutions that address security needs while at the same time aligning with business requirements and tying seamlessly into an organization’s existing IT infrastructure, operations and business workflows.
Stratascale offers a wide range of assessments and consulting services that assist organizations in aligning with CISA’s convergence model. These include Security Road Map Assessments, designed to help customers understand the current state of their cybersecurity program and provide them with a risk-based, prioritized roadmap to increase program maturity and CISA alignment.
Security Posture Reviews and Zero Trust workshops are also available to assist customers in assessing and addressing common Operational Technologies (OT) and security architectural challenges. Furthermore, Stratascale offers numerous Cloud Assessments and Security Operations consulting services that help customers merge OT, cloud, and SaaS services into a cohesive and effective security program.
Are you ready to adopt a convergence model to bolster your cybersecurity and critical infrastructure? Check out our Stratacast video by Stratascale Field CISO Michael Wilcox to find out. For more information, book an appointment with a Stratascale Account Manager any time!