References:
Clean, renewable energy is a cornerstone of the Biden administration’s agenda. The Federal government is making "generational investments" in this infrastructure and clean energy. Funding is secured to develop a nationwide network of 500,000 electric vehicle charging stations. The national Cyber Security Strategy clearly outlines how the government will leverage Federal Procurement and Regulatory measures to ensure that cyber security is not the point of failure.
It appears that we are defining a whole new “utility group” and that this group may be considered a part of the nation’s critical infrastructure. This group may include traditional and clean energy mining, power generation, transmission infrastructure, and everything associated with the new system. This consists of the engineering companies, construction companies, and components suppliers that support, build, and maintain the vast system, as well as the manufactured vehicles that operate on the utility and their associated supply chains.
If your business is linked to the clean energy ecosystem, you should consider your security and compliance requirements as though you are a part of our country’s critical infrastructure.
The National Cyber Security Strategy (NCSS) indicates that OT is a primary concern and that the Federal government will use its legislative and purchasing power to drive higher cybersecurity compliance. Most organizations see what is on the horizon; they know that compliance is a condition to participate in the government's “generational” investments; what is not clear is what steps should be taken today to prepare.
We get some guidance from the NCSS; it indicates that the new regulation will rely on available technology and align with the regulation already in place for oil and gas pipelines, aviation, and rail. There are many elements, but ServiceNow has already solved many foundational issues required for better security, operational resilience, and compliance.
Almost every security regulation starts with the requirement to track critical assets and asks: can you provide an inventory of assets in your enterprise, both IT and OT and can you show evidence that the data is trusted? This is the first step. Less mature enterprises must now work on programs to solve CMDB health, discovery, and trusted visibility. Establish this strong foundation, and there is a good chance of being prepared to manage software and firmware vulnerabilities, set system boundaries, increase resilience, and manage incidents when required by pending regulation.
Organizations with a strong foundation should consider expanding protections and integrating all enterprise security workloads under a standard set of practices and governance. They should also consider how ServiceNow can support more mature security workloads such as the digital twin, network segmentation, vulnerability response, software bill of material, software and firmware provenance, or configuration management.
These elements are just the beginning of the conversation! Regulation may drive the investment, but the benefits extend beyond checking a compliance box. With ServiceNow at the center of the conversation, the investments can yield additional returns in operational excellence, operational resilience, reduced insurance cost, and (of course) drive the core priorities of safety, quality, and productivity.
If you'd like to continue the conversation, please reach out!
ITS Partners: The Leader in Managing and Securing Critical Assets and Critical Infrastructure With ServiceNow!
6026 Kalamazoo AVE SE, #272
Kentwood, MI 49508
Contact us at (616) 242-5300
