Addressing Critical Infrastructure by Adopting a Cybersecurity Convergence Model
In a recent article courtesy of Stratascale’s David Beidelman, David perfectly outlined growing public frustration and ire over high-profile cybersecurity breaches that significantly affect our nation’s critical infrastructure. For instance, the recent Colonial Pipeline ransomware attack was anything but “isolated.” After hackers gained access to Colonial’s pipeline operations, a ripple effect occurred resulting in spikes in consumer gasoline prices and gas hoarding over fears of an impending shortage.
Do you know how to prepare for a ransomware attack? Check out our Stratacast by Field CISO Michael Wilcox to find out!
What do instances such as Colonial say about the state of our critical infrastructure?
It is not good. Gone are the days where cybersecurity breaches are siloed — primarily affecting the victim’s bottom-line with little impact on the greater public. As the US Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) frames the larger issue:
Today’s threats are a result of hybrid attacks targeting both physical and cyber assets. The adoption and integration of Internet of Things (IoT) and industrial Internet of Things (IIoT) have led to an increasingly interconnected mesh of cyber-physical systems (CPS), which expands the attack surface and blurs the once clear functions of cybersecurity and physical security.
Further compounding the larger issue, 85% of America’s critical infrastructure is privately owned, meaning electrical grids, water systems, pipelines and more do not follow strict cybersecurity guidelines prescribed by federal agencies. 
The time to change course is now…
Adopting CISA’s convergence model — the formal collaboration between previously disjointed security functions — is a great starting place. An integrated threat management strategy such as the convergence model holds several benefits for organizations of all sizes ranging from streamlining security functions, cross-training, security information sharing across an organization, integrated views into security threats and more. At the core of CISA’s convergence model is a mutual understanding that successful cybersecurity programs operate on the foundations of communication, coordination and collaboration. Here is a brief guide from CISA on what a successful convergence model looks like for a given organization:
Not ready to converge?
Stratascale’s approach is quite simple. It starts with understanding our customers, their IT environments, and business challenges. This gives us the opportunity to find the “right” solutions to address customer challenges. Our cybersecurity staff knows that effective cybersecurity isn’t just about finding a technical solution that address a need. It is a balancing act! It requires finding and implementing the right solutions that addresses security needs while at the same time aligning with business requirements and ties seamlessly into an organization’s existing IT infrastructure, operations and business workflows.
Stratascale offers a wide range of assessment and consulting services that assist organizations in aligning with CISA’s convergence model including:
Security Road Map Assessments that are designed to assist customers in understanding the current state of their cybersecurity program and providing them with a risk based prioritized “road map” to increase program maturity and alignment with CISA. Security Posture Reviews and Zero Trust workshops are also available that assist customers in assessing and addressing common Operational Technologies (OT) and security architectural challenges. Furthermore, Stratascale offers numerous Cloud Assessment and Security Operations consulting services that help customers tie OT, cloud, and SaaS services into a cohesive and effective security program.
Are you ready to adopt a convergence model in bolstering your cybersecurity and critical infrastructure? Book an appointment with a Stratascale Account Manager for more information.
 Cybersecurity and Physical Security Convergence, Cybersecurity and Infrastructure Security Agency (2020), https://www.cisa.gov/sites/default/files/publications/Cybersecurity%20and%20Physical%20Security%20Convergence_508_01.05.2021.pdf  Nathanial Lee. As the U.S. faces a flurry of ransomware attacks, experts warn the peak is likely still to come, (June 10, 2021), https://www.cnbc.com/2021/06/10/heres-how-much-ransomware-attacks-are-costing-the-american-economy.html