In recent years, cybersecurity attacks on critical infrastructure in the US have increased in both severity and frequency. In general, critical infrastructure refers to the assets that are used to provide a function essential to society (e.g., banking, utilities, health services). Attacks on these assets now have the potential for greater impact as cybercriminals use sophisticated measures for financial, military, or political gain. These attacks not only have detrimental effects that could lead to the disruption and shutdown of an organization but also affect the quality of life of all the customers it serves. Two recent incidents include a Los Angeles-based hospital that had its medical records held for ransom and the infiltration of Cathay Pacific Airline, which led to the loss of credit card and passport information of over 10 million customers. Federal and state governments must identify, protect against, detect, respond to, and eventually recover from threats or attacks that could have a debilitating impact on economic security, public health, or general safety.
To help defend against such attacks, the US federal government recently signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA). This legislation coordinates security and resilience efforts across the public and private sectors. Beyond this broad regulation, companies that provide these critical services are increasingly subject to additional regulations. These regulations, primarily focused on cybersecurity, include NYS DFS, NY ISO, CCPA, GDPR, European NIS, HKMA, etc. Regulatory compliance is complex and can drastically change both a CISO’s and an organization’s priorities.
Wavestone US consultants are well-versed in helping organizations build a critical infrastructure program. We will help your organization assess potential exposure by understanding the severity and impacts of various cyber threats and categorizing each threat based on urgency. Once an understanding of exposure has been developed, our consultants will begin creating a plan to build a successful program. We have a deep understanding of cyber-related regulations that we use to help clients interpret regulatory requirements, build action plans to ensure regulatory compliance, and prepare for audits by regulatory bodies. Our methodology is designed to be flexible and is focused on achieving the highest level of security for your organization.