CISA (Cybersecurity and Infrastructure Security Agency) lately launched Binding Operational Directive 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks. This directive establishes obligatory baseline necessities for Federal Civilian Executive Branch (FCEB) companies to determine belongings and vulnerabilities on their networks and supply information to CISA at outlined intervals. You can discover the directive right here, and I encourage you to learn the total textual content because it’s very approachable.
What’s New in This Directive? (Teaser: Operational Technology!)
For starters, it is a obligatory course to FCEB companies with a deadline: April 3, 2023. This mandate is the following step in CISA’s effort to achieve visibility into the dangers going through federal networks, dangers introduced into on a regular basis dialog with the SolarWinds breach in 2020. The wording additionally factors to CISA’s seriousness: whereas it says the aim is to attain outcomes with out prescribing how to take action, it does clearly record 4 required actions.
For me, probably the most fascinating facet of that is its scope: all IP-addressable community belongings. This contains operational expertise (OT) belongings in addition to enterprise IT belongings. All too typically, insurance policies and steering are written for or tailor-made to the enterprise IT setting, and the OT networks that abound federal companies (SCADA, constructing administration, bodily safety – see my earlier weblog on this subject) and represent crucial infrastructure are ignored. In this directive, CISA has elevated OT networks to the identical degree of significance as IT networks.
How Cisco Can Help
Cisco is usually a trusted companion to FCEB companies as they work to adjust to this directive, each within the IT and OT environments. As the IT setting is acquainted to most, I’m going to focus explicitly on the operational aspect of those companies and level you to Cisco Cyber Vision, a light-weight, easy-to-use software program answer particularly constructed to carry visibility into OT networks. Cyber Vision serves because the foundational software as companies embark on establishing a Zero Trust structure of their OT environments and allow alignment and/or convergence of their IT and OT environments.
What’s Next?
We supply a free analysis of the manufacturing model of Cyber Vision and are joyful that will help you determine whether or not it’s the proper software in your company. Email me or your Cisco consultant to be taught extra and schedule a 1:1 demo.
Share: