The definition of critical infrastructure has expanded since the beginning of the pandemic. As we’ve seen, critical infrastructure is not just about national security or threats to our water supplies or electrical grids. We have also seen the impact of increased attacks on supply chains for food and materials, energy pipelines and healthcare facilities, to name just a few examples.
In the U.S., the Cybersecurity & Infrastructure Security Agency (CISA) identifies 16 critical infrastructure sectors whose assets, systems and networks, whether physical or virtual, are considered vital to national security, public health and public safety. These range from nuclear reactors and emergency services to healthcare, food, transportation, IT, financial systems and more.
This more expansive approach to critical infrastructure means organizations must also take a more expansive and holistic view in how they deploy and manage cyber resiliency and cybersecurity solutions. Supply chains are more digital and diverse than ever, leveraging cloud computing, edge computing, the open internet and other technologies. This expands the attack surface and exposes additional areas where critical infrastructure can be vulnerable to extreme weather events, breaches and other factors that can lead to downtime.
In today’s environment, all organizations should be taking an end-to-end approach when it comes to cyber resiliency for their critical infrastructure—particularly if they are within the 16 sectors identified by CISA or affiliated with those industries. This means focusing on reducing risk, being proactive and ensuring that the organization can be highly reactive to any potential threat and any threatening scenario.
End-to-end cybersecurity for critical infrastructure can and should encapsulate a range of technologies and services, including secure cloud architecture, disaster recovery, cyber recovery, data protection, privacy protection and more. Here are important features, technologies and capabilities to consider:
- Secure cloud architecture. The ability to manage all cloud resources from a single unified plane is an important step toward reducing risk for critical infrastructure. Having a single operational hub for all clouds ensures unified cloud security and networking policies across the organization, enabling IT teams to identify, protect, detect, respond and recover with greater speed, confidence and intelligence. With a zero trust architecture, organizations can verify users, devices, applications, data and transport sessions before they can gain access to the network, other users, applications, data or the cloud. See related article: Accelerate and Simplify Your Journey to a Zero Trust Architecture
- Modern data protection and cyber recovery solutions and services. Resiliency for critical infrastructure is about preventing successful attacks and other potential disasters. It’s also about having systems and services in place to recover quickly and with minimal damage to data, systems and applications. To meet such challenges, it is important to consider solutions such as Dell Technologies PowerProtect Cyber Recovery, which offers a cyber recovery vault that leverages an automated operational air gap to maintain a backup that is both physically and logically removed from any intrusions.
- Intrinsic security across all supply chains and ecosystems. Intrinsic security starts with supply chain assurance. As an example, Dell Technologies’ manufacturing processes include multiple layers of controls to mitigate any risks that can be introduced into the supply chain. Another example is Dell SafeID, which isolates user credential data away from the operating system and memory. Make sure the servers you are using offer hardened security protections, such as prevention of BIOS tampering and secured component verification. And secure your users and devices with a consolidated endpoint protection platform such as VMware Carbon Black Endpoint.
- Detection, investigation and response driven by automation and intelligence. Unified threat detection and response technologies, as well as secure networking solutions such as SD-WAN and Secure Access Service Edge (SASE), are essential aspects of any modern cybersecurity strategy for critical infrastructure. Solutions should provide end-to-end visibility and actionable intelligence across your entire ecosystem, with the ability to continuously update threat intelligence to keep protection current. With a solution such as Dell Technologies Managed Detection and Response, organizations can leverage a service-based model for extended disaster recovery security, using real-world, actionable threat intelligence to monitor, detect, investigate and respond to threats across the entire IT environment.
One other factor to consider: With critical infrastructure becoming increasingly vulnerable, organizations across all industries—and particularly in the 16 sectors cited by CISA—can reduce risk by conducting a cyber resiliency health assessment designed by a reputable third party. This can help business and IT leaders identify vulnerabilities and use tailored recommendations and best practices to address specific gaps. With Dell’s free Cyber Resiliency Assessment, a cybersecurity and data protection specialist can help you understand where you are vulnerable, depending on your results, and help your team develop and implement a plan to strengthen your security response to advanced threats.
Taking the next step
When it comes to cyber resiliency for critical infrastructure, the partnership of Dell Technologies and VMware offers a broad portfolio of end-to-end solutions that incorporates the key technologies, services and solutions mentioned in this article. This encompasses secure cloud architecture, including zero trust; modern data protection and recovery products and services; intrinsic security across supply chains; plus detection, investigation and response solutions that are highly automated and intelligent.
For more information on how Dell and VMware can help your organization protect critical infrastructure, please visit Dell Technologies. To learn more about the benefits of a cyber resiliency assessment, please visit Assess Your Cyber Resiliency.