Addressing Cybersecurity in Critical Infrastructure

Original Broadcast, October 1, 2024

Presented by Zscaler & Carahsoft

Robert Bair, CISO Americas at Zscaler, emphasizes the increasing importance of cybersecurity within the critical infrastructure sector, particularly as the government heightens its focus on collaboration with private sector providers. He shares the military's strategic consideration of dual-use critical infrastructure, which supports military operations and requires enhanced visibility to identify vulnerabilities. Bair points out that many smaller municipalities and private entities controlling critical infrastructure are often under-resourced, which complicates the implementation of robust cybersecurity measures. He highlights the growing complexity of operational technology (OT) systems, which are becoming more interconnected yet lack the visibility seen in IT environments. This lack of visibility leads to potential vulnerabilities, especially as adversaries increasingly employ non-traditional cyber tactics, maintaining low and slow access to networks rather than outright attacks. To combat these challenges, Bair advocates for adopting zero trust principles, improving secure remote access, and developing a comprehensive OT maturity model.

Key Takeaways:

1. Gaining visibility into critical infrastructure is essential for identifying vulnerabilities and ensuring robust cybersecurity measures, especially given the diverse management of these assets.

2. Many smaller municipalities and private sector operators of critical infrastructure lack the necessary resources to implement effective cybersecurity practices, highlighting the need for support and best practices.

3. Adversaries are adopting non-traditional cyber tactics, necessitating a focus on Zero Trust strategies and enhanced protection for operational technology systems to prevent prolonged undetected access to networks.