Defending critical infrastructure has been top of mind for the federal government. Section 1505 of the FY2022 National Defense Authorization Act (NDAA) mandates that the Department of Defense (DoD) secure its critical infrastructure and operational technology (CI/OT) by focusing on identifying and reporting threats to the sector. Congress will continue to hammer on the importance of securing critical infrastructure with ongoing briefings in the next several years to gain insight into the DoD’s cybersecurity readiness and how it intends to protect mission-critical assets and operational infrastructure.
In this blog, we will discuss the changing threat landscape for military operations, why NDAA Section 1505 is needed, and how Nozomi Networks can help with NDAA Section 1505 compliance.
Cyberattacks Against Critical Infrastructure Are on the Rise
Malicious cyber adversaries have shown their willingness to launch attacks against water treatment facilities, transportation systems, energy grids, hospitals and more – all vital to our economy and society.
In 2021, hackers accessed the computer system of a California water treatment plant to delete programs that controlled the water supply. Disabling and denying access to these critical services can cause significant harm and damage and even result in the loss of lives.
The Colonial Pipeline attack is a stark reminder of how vulnerable our way of life is. Hackers caused the shutdown of Colonial Pipeline’s operational network and wrought havoc along the East Coast with long lines and shortages at the gas stations.
Military Operations Have Vulnerabilities Similar to the Private Sector
Our military operations have the same vulnerable systems and applications, including controllers, sensors, power generation, HVAC systems, life and safety systems and other computer-controlled infrastructure that monitor and drive critical processes. The DoD is responsible for national security, both abroad and at home, making it vital to understand its infrastructure. Like the private sector, the DoD has relied on operational engineers and technicians with few cybersecurity tools or little training to manage tens to hundreds of thousands of systems and devices.
For the past two decades, security efforts have been focused on traditional IT with no programmatic policies on protecting CI/OT environments. OT defenses are not as operationally mature as their IT counterparts. With Section 1505, the DoD is mandated to secure and report on these critical infrastructure systems and their cybersecurity readiness. The mandate outlines an urgent call to action to deploy baseline visualization and monitoring capabilities for critical infrastructure in response to well-documented attacks by state-sponsored actors against physical control systems.
How Nozomi Networks Helps with NDAA Section 1505 Compliance
The Nozomi Platform can help meet specific mandates in Section 1505, Operational Technology and Mission-relevant Terrain in Cyberspace.
- NDAA Section 1505 directs the DoD to complete a mapping of mission-relevant terrain in cyberspace for Defense Critical Assets and Task Critical Assets at sufficient granularity.
Nozomi Networks can provide a complete asset inventory, vulnerability analysis and communications map for all operational assets and devices automatically and keep it up to date.
- NDAA Section 1505 directs the Combatant Commands to develop, institute, and modify their internal processes, responsibilities, and functions to enable effective mission threat analysis.
The Nozomi Platform can help prioritize risks and identify which vulnerabilities need to be addressed to have the most impact.
- NDAA Section 1505 directs the DoD Chief Information Officer (CIO) to establish or change policies, control systems standards, risk management framework and authority-to-operate policies, and cybersecurity reference architectures to provide baseline cybersecurity requirements.
The Nozomi Platform is a key component of any risk management framework with its ability to verify operational networks against all known vulnerabilities and perform rapid risk assessments.
- NDAA Section 1505 directs United States Cyber Command (USCYBERCOM) to update the mission, scope, and posture of Joint Forces Headquarters Department of Defense Information Network (JFHQ-DODIN) to ensure appropriate visibility of operational technology and weapon systems and that USCYBERCOM can effectively defend such operational technology.
Key features in the Nozomi Platform allow for the definition, customization, and tracking of established incident response procedures. Existing procedures can easily be imported into the Nozomi Platform.
The NDAA mandates for reporting to Congress are fast approaching in November 2023. Organizations that are not fully prepared will need to immediately start on an asset visibility and vulnerability awareness project as the first phase of operational readiness.
To learn more about how Nozomi Networks can help you meet compliance with NDAA Section 1505, please schedule a demo here.