Date: 2024-08-26

Federal agencies are counting down the days until September 30 to meet a combination of zero-trust cybersecurity requirements. The requirements are part of a multi-year strategy by the Office of Management and Budget (OMB) to apply various cybersecurity techniques to safeguard federal agency users, networks, devices and data.

One of the more vexing requirements, according to a new report, includes provisions to inventory and monitor the increasingly complex IT landscape involving not just traditional IT but also an ever-expanding array of operating technologies (OT) and the Internet of Things (IoT). The convergence of data and applications linked to IT, OT and IoT devices has introduced a new era of security risks that OMB has tasked agencies to address.

“The widespread adoption of OT devices not only expands the number and diversity of assets agencies must manage but also the range of vulnerabilities they need to address,” explains a new report commissioned for FedScoop and underwritten by Asc3nd Technologies Group. “More to the point: Linking OT data and devices to IT systems creates new pathways for cyberattacks that adversaries are exploiting with increasing frequency.”

To address those and related risks, OMB directive M-24-04 requires agencies, among other things, to put tools and measures in place that provide a comprehensive understanding of all devices connected to their networks. They must also be prepared to provide detailed asset reports to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours.

No ‘Easy Button’

As agencies have discovered, there is “no Easy Button” to automating the digital work required to meet those requirements, according to Ryan Hauptman, Federal Civilian Director at Asc3nd Technologies. Instead, agencies must carefully assess their needs and choose the right combination of tools and technologies to monitor devices operating in incongruent technology ecosystems.

“Federal customers don’t have enough time, the tools they have in their environment are inefficient, and they have limited resources to solve the problems they face,” Hauptman says in the report.

Asc3nd Technologies takes a unique approach to helping agencies navigate these challenges by bringing together tailored solutions and collaborative partnerships. Its “Innovation Day” workshops aim to accelerate the cybersecurity learning curve and help agency executives find the most appropriate solutions for their circumstances.

Sarn Bien-Aime, Founder and CEO of Asc3nd Technologies, explains, “When we do these Innovation Days, it is all about bringing technology to the customers and solutions to problems they don’t have time [to research].”

These events have proven to be highly valuable for agency executives, providing them with a condensed overview of cutting-edge technologies and potential solutions to their cybersecurity challenges, he says.

Real-world consequences

The need to find those solutions remains as urgent as ever. The report cites recent high-profile cyberattacks, such as the Colonial Pipeline ransomware incident, as stark reminders of the potential consequences of inadequate OT security. In that incident, hackers shut down a major fuel pipeline, causing widespread disruptions and highlighting the vulnerability of critical infrastructure.

The healthcare sector has also become a prime target for cybercriminals. The report points to a Department of Health and Human Services release noting a staggering 278% increase in large ransomware breaches from 2018 to 2022. These attacks can disrupt patient care, compromise sensitive data, and even put lives at risk.

The report highlights what a comprehensive approach to cybersecurity looks like and describes alternative solutions available to agencies to help automate and orchestrate their IT and OT asset monitoring.

