Insecure by design: What you need to know about defending critical infrastructure
In this article from J.M. Porup at CSO Online, testimony from experts at Dragos, a cybersecurity firm, before a U.S. Senate committee last week highlights the differences between Information Technology (IT) and Operational Technology (OT), especially regarding security. According to Robert M. Lee of Dragos, typical guidance for IT, which focuses on patching systems in response to threats, is ineffective or potentially harmful to many industrial control systems (ICS) and other OT assets.
Ryan Says Infrastructure Overhaul Will Be Done in 5 to 6 Bills
From Lindsey McPherson and Jacob Fischer at Roll Call, House Speaker Paul Ryan provided details this week on the process Congress intends to take in addressing infrastructure plans discussed by Republicans in Congress and the White House over the past year. Ryan stated that the House will approach the plan in pieces, passing the legislation in five or six separate bills instead of tackling the plan in one large piece of legislation.
Senate Democrats unveil their own infrastructure plan
Daniella Diaz from CNN reports on the release of a new infrastructure plan by Senate Democrats as a response and alternative to plans put forward by the Trump Administration. Unlike President Trump’s plan, which relies heavily on private investment, the Democrat plan faces slim chances of passage due to its reliance on reinstatement of various taxes affected by the recent tax overhaul passed by Congress in 2017.
GAO Snaps at Critical Infrastructure Protection Ambiguity
MeriTalk writes on a new report from the U.S. Government Accountability Office that examines the NIST “Framework for Improving Critical Infrastructure Cybersecurity.” Given the voluntary nature of the NIST framework, GAO found that sector-specific agencies with oversight authority for critical infrastructure have no way of accurately assessing implementation of the framework by private owners and operators.