Applied Risk Releases Report Revealing Companies are Struggling to Keep Up with Cyber Attack Defenses
Applied Risk released a report revealing that companies are struggling to develop their OT (operational technology) security defenses at a pace comparable to the speed of cyber-attackers. The OT landscape is becoming more and more complex due to a convergence between information technology, operational technology, and cybersecurity. The report can be found in the sources link below . The report takes into account issues that surround people, processes, and technologies that underlie current conditions in OT security. The report notes the sector has been shaped by numerous factors including lower-than-ideal staff levels, supply chain issues, nation-state attacks, rising number of sophisticated cyber-attacks, adoption of risk-based and OT-specific standards, and the failure to adopt enabling technologies. We suggest all companies to stay up to date on guidance from the industry's best cybersecurity professionals.
The Energy and Commerce Committee will hold a hearing on Tuesday, December 7, at 10:30 a.m. (EST) entitled “Securing our Energy Infrastructure: Legislation to Enhance Pipeline Reliability.” The committee and subcommittee chairs released a joint statement highlighting the importance of pipeline security and reliability in the wake of the Colonial Pipeline ransomware attack, and the failure of Texas’ natural gas infrastructure during a winter storm. The congressmen proposed creating a new entity charged with developing enforceable pipeline reliability standards, including cybersecurity, similar to the electric sector . This hearing builds on a DHS Security Directive issued on July 20, 2021, mandating cybersecurity measures for critical pipelines transporting hazardous liquids and natural gas . We recommend that parties in the pipeline industry and industrial cybersecurity sector stay abreast of the hearing and potential legislation. Increased government regulation of critical pipelines offers increased opportunities for those industrial cybersecurity firms positioned to provide essential services.