CISA: Critical Infrastructure Must Master Isolation, Recovery

“The emphasis on isolation and recovery is important for maintaining continuity during disruption, particularly as critical infrastructure is increasingly in the crosshairs of geopolitical tension and AI accelerates how quickly vulnerabilities can be exploited,” said Duncan Greatwood, CEO of Xage Security.“However, if organizations don’t have control within the environment, then isolation on its own is not enough. Threats will often move through trusted connections, third parties, or compromised credentials long before a crisis response begins. The focus on segmentation and maintaining operations even in a degraded state is a meaningful step forward and more aligned with how these environments actually function,” Greatwood added.Related:EnOcean SmartServer Flaws Expose Buildings to Remote HackingRelated:Hundreds of Internet-Facing VNC Servers Expose ICS/OTRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

“However, if organizations don’t have control within the environment, then isolation on its own is not enough. Threats will often move through trusted connections, third parties, or compromised credentials long before a crisis response begins. The focus on segmentation and maintaining operations even in a degraded state is a meaningful step forward and more aligned with how these environments actually function,” Greatwood added.Related:EnOcean SmartServer Flaws Expose Buildings to Remote HackingRelated:Hundreds of Internet-Facing VNC Servers Expose ICS/OTRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Related:EnOcean SmartServer Flaws Expose Buildings to Remote HackingRelated:Hundreds of Internet-Facing VNC Servers Expose ICS/OTRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Related:Hundreds of Internet-Facing VNC Servers Expose ICS/OTRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Related:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities.

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Jacki Monson has joined CVS Health as SVP, Deputy CISO.

Gigi Schumm has been promoted to Chief Revenue Officer at Securonix.

Source: SecurityWeek