“It is vital that critical infrastructure owners and operators immediately take steps to strengthen their cybersecurity posture toward these high-level goals,” the statement continues. “The safety and security of the American people relies on the resilience of the companies that provide essential services such as power, water, and transportation. We look forward to further engaging with key industry stakeholders to promote these efforts to protect our national and economic security.”
Federal Agencies Recommend Cybersecurity Goals
NIST and the Cybersecurity and Infrastructure Security Agency announced nine categories of cybersecurity practices they used to develop a foundation for cybersecurity performance goals for critical infrastructure. For each goal, the organizations have established objectives they say will “support the deployment and operation of secure control systems that are further organized into baseline and enhanced objectives.”
The nine categories for which CISA lists performance goals are architecture and design; configuration and change management; continuous monitoring and vulnerability management; incident response and recovery; physical security; risk management and cybersecurity governance; supply chain risk management; system and data integrity, availability and confidentiality; and training and awareness.
Regarding its training and awareness goals, CISA offered two baseline objectives. The first is to “ensure that control system operators and administrators understand cybersecurity concepts, terminology, activities, and the threat environment associated with implementing cybersecurity recommended practices.” The second objective is to “ensure control system operators and cybersecurity personnel recognize the indicators of potential compromise and what steps they should take to ensure that a cybersecurity investigation succeeds.”
Tech Companies to Offer Cybersecurity Training
In its Aug. 25 fact sheet, the White House touted private sector partnerships, several of which focused on opportunities for cybersecurity training that would meet the goals CISA outlined.
Microsoft and IBM both announced programs to make cybersecurity training more available. According to the White House, “Microsoft announced it will invest $20 billion over the next 5 years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions. Microsoft also announced it will immediately make available $150 million in technical services to help federal, state, and local governments with upgrading security protection, and will expand partnerships with community colleges and non-profits for cybersecurity training.”
IBM announced plans to offer training that will expand the workforce in both number and diversity. In an Aug. 30 statement, the company said, “Today, every adult has the opportunity to develop technology and professional skills regardless of background, education, or life experiences on IBM’s free learning platform — SkillsBuild. We will also partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to build a more diverse U.S. cyber workforce.”
The statement also touted the organization’s continued commitment to gender diversity for cybersecurity training. “At IBM’s CyberDay4Girls, preteen and teenage girls learn about how to protect themselves online as well as basics about threat modeling. They also get to talk with people who work in the industry to learn what it’s like and ask questions. Since the program began in 2016, more than 39,000 middle and high school girls have joined, narrowing the skills gap.”