Home Civilian based defense NSTAC Chairman’s Advisory Committee Offers Real-Time Monitoring of Operational Technology Across Federal Agencies

NSTAC Chairman’s Advisory Committee Offers Real-Time Monitoring of Operational Technology Across Federal Agencies


Written by John Hewitt Jones

The Presidential National Security Telecommunications Advisory Committee (NSTAC) has introduced proposals that would require all agencies in the executive civilian branch to monitor operational technology systems in real time.

In a draft report released Tuesday, the NSTAC said the Cybersecurity and Infrastructure Security Agency should issue a binding operational directive that would require federal departments to continuously monitor how operational technology (OT) devices in use connect to other systems.

Operational technology is the hardware and software that detects or can cause change through direct monitoring or control of industrial equipment and assets, such as electrical substations, water treatment plants, and utility facilities. manufacturing.

The latest study focuses on the convergence of these systems with conventional IT systems and comes amid heightened concerns about potential cyber threats to industrial manufacturing and utilities, including power plants and filtration plants. of water.

In February of last year, an unidentified hacker broke into the computer system of a water treatment plant in a city outside of Tampa, Florida, and temporarily changed the setting the factory sodium hydroxide to a potentially dangerous level. Concerns about such an attack were raised again this week after news broke that hackers may have gained access to industrial control systems at a water filtration plant in South Staffordshire in the UK.

“CISA should issue a binding operational directive, similar to what Section 1505 of the National Defense Authorization Act for Fiscal Year 2022 requires for DOD, which requires departments and agencies in the executive civilian branch to maintain a continuous real-time inventory of all OT devices, software, systems and assets within their area of ​​responsibility, including an understanding of any interconnectivity with other systems,” the report states.

The NSTAC is made up of 30 chief executives representing major communications, network services, and computing companies, and acts as a liaison between federal agencies and the private sector. It was created by an executive order signed by President Ronald Reagan in 1982.

The latest draft report also includes a key recommendation that CISA should develop procurement language guidelines for operational technology products and services and that the agency should work with the General Services Administration to require the inclusion of risk-informed cybersecurity capabilities in federal government procurement vehicles.

In addition, the study indicates that the National Security Council, CISA and the Office of the National Director of Cybersecurity should prioritize the development and implementation of interoperable, technologically neutral and independent information sharing. providers to advance the real-time sharing of sensitive collective information. defensive information between authorized parties.

The report is the third of three commissioned by the White House following several significant cybersecurity incidents, including the SolarWinds hack in late 2020 and the Colonial Pipeline cyberattack in May last year.

Previous NSTAC reports have examined software assurance in the IT supply chain and the management of trusted and zero-trust identities. The committee will now work on a fourth and final comprehensive study.

At a committee meeting on Tuesday afternoon, NSTAC members voted to approve the draft report, which will now go to the president.