
Search Results


  • HBO documentary - Kill Chain: The Cyber War on America's Elections

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    https://www.hbo.com/documentaries/kill-chain-the-cyber-war-on-americas-elections

    ELECTION SECURITY GETS THE DOCUMENTARY TREATMENT — HBO on March 26 debuts an election security documentary, "Kill Chain: The Cyber War on America's Elections," from the same team behind the 2006 Emmy-nominated doc "Hacking Democracy." It revisits some of the previous film's characters, namely the protagonist Harri Hursti, the Finnish election security expert who co-founded the DEF CON Voting Village.

    For readers of this space, many of the lessons and events of "Kill Chain" will be familiar, if no less alarming: the VR Systems hack, the myth that voting machines aren't connected to the internet, the Senate's inability to enact election security legislation. But the storytelling is still engaging: Hursti is a more compelling figure than your MC host knew; for example, getting local press for his computer skills at age 13 and helping the Finnish government on a mysterious project he wouldn't discuss.

    Some were less familiar, and in places, the documentary appears to provide previously unrevealed information. In an interview, an Indian hacker going by CyberZeist talks about breaking into an Alaskan website where he could have changed the vote (but didn't because he was afraid of being caught). He contends he could have made millions selling the backdoor to Russians wanting to get into the system to alter the numbers. "There was no containment, in effect," Hursti says, reviewing state documents asserting the contrary. Hursti deems CyberZeist as credible. In another instance, experts looked at voting machines at a polling place during Georgia's last gubernatorial election, where six of seven machines went heavily Democratic for the whole ticket and one swung the opposite toward the GOP. University of California Berkeley statisticians Philip Stark and Kellie Ottoboni concluded there was less than a one in a million chance of that happening.

    The documentary covers almost all the bases, with appearances from lawmakers to election experts: Sens. Mark Warner (D-Va.), James Lankford (R-Okla.), Amy Klobuchar (D-Minn.) and Ron Wyden (D-Ore.); DEF CON founder Jeff Moss; University of Michigan computer science professor J. Alex Halderman; and Hursti's fellow Voting Village co-founder Jake Braun. The major election security vendors declined interviews, although their promotional videos make entertaining cameos — of note though, is how those vendors have moved closer to the positions of the other interviewees in favor of outside testing in the past year or so. The final verdict: It's a should-watch for election security enthusiasts because it's a good flick, and a must-watch for the average voter who isn't caught up.

  • National Strategy to Secure 5G was signed by the President

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    The President has signed the National Strategy to Secure 5G (in addition to the Secure 5G and Beyond Act and the Broadband DATA Act). Here is the link: https://www.whitehouse.gov/wp-content/uploads/2020/03/National-Strategy-5G-Final.pdf

  • Academics steal data from air-gapped systems using PC fan vibrations

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    https://www.zdnet.com/article/academics-steal-data-from-air-gapped-systems-using-pc-fan-vibrations/

    Academics steal data from air-gapped systems using PC fan vibrations

    Israeli researchers use vibrations from CPU, GPU, or PC chassis fans to broadcast stolen information through solid materials and to nearby receivers, breaking air-gapped system protections.

    Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems. The technique, codenamed AiR-ViBeR, is the latest in a long list of wacky data exfiltration techniques devised by Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev in Israel. For the past half-decade, Guri has been researching methods of sending data from air-gapped computers to the outside world without being detected.

    Research into this topic is important because air-gapped systems -- computers isolated on local networks with no internet access -- are often used on government or corporate networks to store sensitive data, such as classified files or intellectual property. Guri's research doesn't look at ways of compromising and planting malware on these super-secure systems but instead focuses on innovative and never-before-seen ways of getting the data out, without being detected, and through methods that network defenders are not aware of.

    In past research, Guri and his team at the Ben-Gurion university's Cyber-Security Research Center have shown that attackers could steal data from secure systems using a plethora of techniques such as:

    · LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED
    · USBee - force a USB connector's data bus to give out electromagnetic emissions that can be used to exfiltrate data
    · AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data
    · Fansmitter - steal data from air-gapped PCs using sounds emanated by a computer's GPU fan
    · DiskFiltration - use controlled read/write HDD operations to steal data via sound waves
    · BitWhisper - exfiltrate data from non-networked computers using heat emanations
    · Unnamed attack - uses flatbed scanners to relay commands to malware infested PCs or to exfiltrate data from compromised systems
    · xLED - use router or switch LEDs to exfiltrate data
    · aIR-Jumper - use a security camera's infrared capabilities to steal data from air-gapped networks
    · HVACKer - use HVAC systems to control malware on air-gapped systems
    · MAGNETO & ODINI - steal data from Faraday cage-protected systems
    · MOSQUITO - steal data from PCs using attached speakers and headphones
    · PowerHammer - steal data from air-gapped systems using power lines
    · CTRL-ALT-LED - steal data from air-gapped systems using keyboard LEDs
    · BRIGHTNESS - steal data from air-gapped systems using screen brightness variations

    In new research published this week, Guri expanded on this past work by looking at a medium his team has not analyzed before -- namely vibrations. More specifically, Guri looked at the vibrations that can be generated using a computer's fans, such as CPU fans, GPU fans, power-station fans, or any other fan installed on the computer chassis. Guri says that malicious code planted on an air-gapped system can control the speed at which fans work. By moderating fan speed up and down, the attacker can control the frequency of the vibrations coming off the fan.

    The AiR-ViBeR technique takes sensitive information stored on an air-gapped system and then alters the fan speed to generate a vibrational pattern that propagates through the nearby environment, such as a desk. Guri says that a nearby attacker can record these vibrations using accelerometer sensors found in modern smartphones, and then decode the information hidden in the vibration pattern to reconstruct the information stolen from the air-gapped system.

    Collecting these vibrations can be done in two ways. If the attacker has physical access to the air-gapped network, they can place their own smartphones on a desk near an air-gapped system and collect the beamed vibrations without touching the air-gapped computer. If the attacker does not have access to an air-gapped network, then attackers can infect the smartphones of employees working for the targeted company operating an air-gapped system. Malware on the employee's device can pick up these vibrations on behalf of the attacker. Guri says this is possible because the accelerometer sensors in modern smartphones can be accessed by any app without requiring the user's permission, which makes this technique highly evasive.

    STEALING DATA VIA VIBRATIONS TAKES A WHILE

    However, while the AiR-ViBeR technique is some pretty innovative work, transmitting data through vibrations is extremely slow. In fact, data can be exfiltrated through vibrations at a lowly speed of half a bit per second, making AiR-ViBeR one of the slowest exfiltration methods that Guri and his team have come up with in recent years. While the AiR-ViBeR attack might be deemed "feasible," it is highly unrealistic that attackers would ever use it in the wild, as they would most likely opt for other techniques that exfiltrate information at faster speeds.

    Additional technical details on the AiR-ViBeR technique can be found in a white paper published this week and named "AiR-ViBeR: Exfiltrating Data from Air-Gapped Computers via Covert Surface ViBrAtIoNs."

    BOTTOM LINE: Regular users have nothing to fear in regards to AiR-ViBeR, as there are far more dangerous threats lurking on the internet. However, administrators of super-secure air-gapped networks will most likely need to take Guri's latest work into consideration and deploy some of the countermeasures listed in the paper, if they deem this technique a credible threat.

    Thanks to => Kevin McGrail from Infrashield => for forwarding

  • COVID-19 National Response Team Industry Portal

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    https://www.afwerx.af.mil/coronavirus.html

    COVID-19 National Response Team Industry Portal

    In a time of unprecedented change and disruption, the Department of Defense has established the Joint Acquisition Task Force (JATF) for COVID-19 to assess and rapidly respond to challenges presented by this pandemic. To kick off the effort, we are collecting information from both government and non-government personnel who are interested in getting involved. All resources and solutions are welcome from industry, academia, venture capital firms, individual contributors and more. If you're a government employee who wants to get involved, click here.

    Join the Fight

    REQUEST FOR INFORMATION

    Your submission will help us assess opportunities, strategize our response, coordinate solutions, and provide you further information on ways to get involved.

    · Join the Effort
    · Mission Focus Areas
    · Contracting Opportunities
    · Additional Resources
    · Webinars
    · FAQs

    Mission Focus Areas

    1. Combating the Spread (predictive analytics, next hotspot, threat to current activities, decision support, etc.)
    2. Welfare of citizens (effects to transportation, movement of people and goods, education and development, physical training, regular HR functions, job transition, etc.)
    3. Readiness (continuing operations through the outbreak, coordinating with allies and partners, continuing long term projects, etc.)
    4. Logistics (security and protection, supply chain protection and assessment, etc.)
    5. Industrial base impacts (small businesses, payments, contracts, large system programs, protection and expansion of critical assets, etc.)
    6. Medical (telehealth, medical capacity and sustainment, medical supplies and equipment, etc.) Review specific urgent needs for the medical category here.
    7. Other

    To get involved in the Department of Defense's response efforts, non-government parties are encouraged to fill out the form below. If you're a government employee, visit our government page here.

    REQUEST FOR INFORMATION

    Contracting Opportunities

    COVID-19 PPE and Medical Supplies Solicitation
    The Federal Emergency Management Agency released a Request for Proposal (RFP) for COVID-19 PPE and Medical Supplies. View the full solicitation here.

    Air Force Small Business Innovation Research (SBIR) X20.R
    The application period for the upcoming SBIR Direct to Phase II Open Topic with a COVID-19 Interest Area is open from March 30 to April 30 at 12 p.m. EST, 2020. Visit the beta.SAM solicitation for application resources and apply on the DSIP portal. If your solution addresses one of the SBIR COVID-19 Interest Areas, please send an email to COVID@afwerx.af.mil with the subject line "SBIR 20.R - [Firm Name]" with a brief description of your proposed solution.

    Additional Resources

    Request for Information (RFI) Form
    Fill out this form for opportunities to share your capability and skill set with the COVID-19 Joint Acquisition Task Force.

    Webinars

    The following webinars will provide an overview of this initiative and give attendees the opportunity to ask questions.

    · April 9 at 1 p.m. EST
    · April 14 at 1 p.m. EST
    · April 16 at 1 p.m. EST
    · April 21 at 1 p.m. EST
    · April 23 at 1 p.m. EST

    Watch previous webinars here and download the webinar slide deck here.

    FAQs

    Who can be involved in the Unite and Fight effort?
    This initiative is open to anyone who wants to participate. We've broken our initial forms into two categories: non-government for industry, academia, investors, and individual contributors; government for Department of Defense personnel, federal and local government employees, and more.

    For more information regarding COVID-19, view the following websites:

    · Coronavirus Disease 2019 (COVID-19) - https://www.coronavirus.gov
    · U.S. Government Response - https://www.usa.gov/coronavirus
    · Coronavirus FAQ - https://faq.coronavirus.gov/

    For any additional questions, feel free to shoot us an email at support@afwerx.af.mil.

  • FYSA = Prismatic Pieces

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    Expanding your pandemic reading list, "Prism" magazine specializes in presenting the thoughts (and concerns) of top national security thinkers and decision-makers in mid-length articles—short enough to be accessible for people with too much to do (all of you), but long enough to present a fully fleshed-out set of topline arguments on each topic. The editor has taken the liberty of recommending these particular articles for those with a cyber policy focus:

    · NATO's Adaptation in an Age of Complexity, By General Denis Mercier (https://cco.ndu.edu/News/Article/1679427/natos-adaptation-in-an-age-of-complexity/)
    · The Mandate to Innovate, By Ms. Christina Monaco (https://cco.ndu.edu/News/Article/1680572/the-mandate-to-innovate/)
    · Examining Complex Forms of Conflict: Gray Zone and Hybrid Challenges, By Dr. Frank G. Hoffman (https://cco.ndu.edu/News/Article/1680696/examining-complex-forms-of-conflict-gray-zone-and-hybrid-challenges/)
    · The Machine Beneath: Implications of Artificial Intelligence in Strategic Decisionmaking, By Lt Col Matthew Price, LTC Stephen Walker, CDR Will Wiley (https://cco.ndu.edu/News/Article/1681986/the-machine-beneath-implications-of-artificial-intelligence-in-strategic-decisi/)
    · Interview with General John R. Allen, USMC (ret.), By Mr. Michael Miklaucic (https://cco.ndu.edu/News/Article/1683801/interview-with-general-john-r-allen-usmc-ret/)
    · How is NATO Meeting the Challenge of Cyberspace, By Jamie Shea (https://cco.ndu.edu/PRISM-7-2/Article/1401835/how-is-nato-meeting-the-challenge-of-cyberspace/)
    · Power Projection in the Digital Age, By Darren McDew (https://cco.ndu.edu/PRISM-7-2/Article/1401851/power-projection-in-the-digital-age/)
    · A National Security Enterprise Response - Digital Dimension Disruption, By Charles Rybeck, Lanny Cornwell and Phillip Sagan (https://cco.ndu.edu/PRISM-7-2/Article/1401866/a-national-security-enterprise-response-digital-dimension-disruption/)
    · Bridging the Cyberspace Gap - Washington and Silicon Valley, By Adam Segal (https://cco.ndu.edu/PRISM-7-2/Article/1401912/bridging-the-cyberspace-gap-washington-and-silicon-valley/)
    · Battlefield Geometry in our Digital Age: From Flash to Bang in 22 Milliseconds, By Robert Allardice and George Topic (https://cco.ndu.edu/PRISM-7-2/Article/1402883/battlefield-geometry-in-our-digital-age-from-flash-to-bang-in-22-milliseconds/)
    · Cyber Gray Space Deterrence, By Richard Andres (https://cco.ndu.edu/PRISM-7-2/Article/1401927/cyber-gray-space-deterrence/)
    · Cyberdeterrence by Engagement and Surprise, By Jim Chen (https://cco.ndu.edu/PRISM-7-2/Article/1401948/cyberdeterrence-by-engagement-and-surprise/)
    · A Three-Perspective Theory of Cyber Sovereignty, By Hao Yeli (https://cco.ndu.edu/PRISM-7-2/Article/1401954/a-three-perspective-theory-of-cyber-sovereignty/)
    · An Interview with Marina Kaljurand, former Minister of Foreign Affairs of Estonia (https://cco.ndu.edu/PRISM-7-2/Article/1401967/an-interview-with-marina-kaljurand-former-minister-of-foreign-affairs-of-estonia/)
    · Leading the National Security Enterprise, By Ronald Sanders (https://cco.ndu.edu/PRISM-7-1/Article/1298309/leading-the-national-security-enterprise/)
    · European Union and NATO Global Cybersecurity Challenges: A Way Forward, By Luukas K. Ilves, Timothy J. Evans, Frank J. Cilluffo, and Alec A. Nadeau (https://cco.ndu.edu/PRISM/PRISM-Volume-6-no-2/Article/840755/european-union-and-nato-global-cybersecurity-challenges-a-way-forward/)

    They are offered to you to be the first word, not the last word, on their topics.

  • Attacking Air gapped networks

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    https://www.securityweek.com/chinese-hackers-target-air-gapped-military-networks

    A threat actor believed to be operating out of China has been targeting physically isolated military networks in Taiwan and the Philippines, Trend Micro reports. Tracked as Tropic Trooper <https://www.securityweek.com/operation-tropic-trooper-hits-targets-taiwan-philippines-trend-micro> and KeyBoy, and active since at least 2011, the threat actor is known for the targeting of government, military, healthcare, transportation, and high-tech industries in Taiwan <https://www.securityweek.com/cyberspies-target-taiwan-government-energy-sector>, the Philippines, and Hong Kong. Previously, the group was observed targeting victims with spear-phishing emails containing malicious attachments designed to exploit known vulnerabilities <https://www.securityweek.com/keyboy-abuses-popular-office-exploits-malware-delivery>, such as CVE-2017-0199.

    Thanks to => Mike Walsh from CyberX Labs => for forwarding

  • Executive Order on Securing the United States Bulk-Power System

    Submitted by: Daryl Haegley

    Office of the Press Secretary
    FOR IMMEDIATE RELEASE
    May 1, 2020

    EXECUTIVE ORDER

    SECURING THE UNITED STATES BULK-POWER SYSTEM

    By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.) (NEA), and section 301 of title 3, United States Code,

    I, DONALD J. TRUMP, President of the United States of America, find that foreign adversaries are increasingly creating and exploiting vulnerabilities in the United States bulk-power system, which provides the electricity that supports our national defense, vital emergency services, critical infrastructure, economy, and way of life. The bulk-power system is a target of those seeking to commit malicious acts against the United States and its people, including malicious cyber activities, because a successful attack on our bulk-power system would present significant risks to our economy, human health and safety, and would render the United States less capable of acting in defense of itself and its allies.

    I further find that the unrestricted acquisition or use in the United States of bulk-power system electric equipment designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in bulk-power system electric equipment, with potentially catastrophic effects.

    I therefore determine that the unrestricted foreign supply of bulk-power system electric equipment constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States, which has its source in whole or in substantial part outside the United States. This threat exists both in the case of individual acquisitions and when acquisitions are considered as a class. Although maintaining an open investment climate in bulk-power system electric equipment, and in the United States economy more generally, is important for the overall growth and prosperity of the United States, such openness must be balanced with the need to protect our Nation against a critical national security threat. To address this threat, additional steps are required to protect the security, integrity, and reliability of bulk-power system electric equipment used in the United States. In light of these findings, I hereby declare a national emergency with respect to the threat to the United States bulk-power system.

    Accordingly, I hereby order:

    Section 1. Prohibitions and Implementation.

    (a) The following actions are prohibited: any acquisition, importation, transfer, or installation of any bulk-power system electric equipment (transaction) by any person, or with respect to any property, subject to the jurisdiction of the United States, where the transaction involves any property in which any foreign country or a national thereof has any interest (including through an interest in a contract for the provision of the equipment), where the transaction was initiated after the date of this order, and where the Secretary of Energy (Secretary), in coordination with the Director of the Office of Management and Budget and in consultation with the Secretary of Defense, the Secretary of Homeland Security, the Director of National Intelligence, and, as appropriate, the heads of other executive departments and agencies (agencies), has determined that:

    (i) the transaction involves bulk-power system electric equipment designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary; and

    (ii) the transaction:

    (A) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of the bulk-power system in the United States;

    (B) poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the economy of the United States; or

    (C) otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons.

    (b) The Secretary, in consultation with the heads of other agencies as appropriate, may at the Secretary's discretion design or negotiate measures to mitigate concerns identified under section 1(a) of this order. Such measures may serve as a precondition to the approval by the Secretary of a transaction or of a class of transactions that would otherwise be prohibited pursuant to this order.

    (c) The prohibitions in subsection (a) of this section apply except to the extent provided by statutes, or in regulations, orders, directives, or licenses that may be issued pursuant to this order, and notwithstanding any contract entered into or any license or permit granted prior to the date of this order.

    (d) The Secretary, in consultation with the heads of other agencies as appropriate, may establish and publish criteria for recognizing particular equipment and particular vendors in the bulk-power system electric equipment market as pre-qualified for future transactions; and may apply these criteria to establish and publish a list of pre-qualified equipment and vendors. Nothing in this provision limits the Secretary's authority under this section to prohibit or otherwise regulate any transaction involving pre-qualified equipment or vendors.

    Sec. 2. Authorities.

    (a) The Secretary is hereby authorized to take such actions, including directing the timing and manner of the cessation of pending and future transactions prohibited pursuant to section 1 of this order, adopting appropriate rules and regulations, and employing all other powers granted to the President by IEEPA as may be necessary to implement this order. The heads of all agencies, including the Board of Directors of the Tennessee Valley Authority, shall take all appropriate measures within their authority as appropriate and consistent with applicable law, to implement this order.

    (b) Rules and regulations issued pursuant to this order may, among other things, determine that particular countries or persons are foreign adversaries exclusively for the purposes of this order; identify persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries exclusively for the purposes of this order; identify particular equipment or countries with respect to which transactions involving bulk-power system electric equipment warrant particular scrutiny under the provisions of this order; establish procedures to license transactions otherwise prohibited pursuant to this order; and identify a mechanism and relevant factors for the negotiation of agreements to mitigate concerns raised in connection with subsection 1(a) of this order. Within 150 days of the date of this order, the Secretary, in consultation with the Secretary of Defense, the Secretary of Homeland Security, the Director of National Intelligence, and, as appropriate, the heads of other agencies, shall publish rules or regulations implementing the authorities delegated to the Secretary by this order.

    (c) The Secretary may, consistent with applicable law, redelegate any of the authorities conferred on the Secretary pursuant to this section within the Department of Energy.

    (d) As soon as practicable, the Secretary, in consultation with the Secretary of Defense, the Secretary of the Interior, the Secretary of Homeland Security, the Director of National Intelligence, the Board of Directors of the Tennessee Valley Authority, and the heads of such other agencies as the Secretary considers appropriate, shall:

    (i) identify bulk-power system electric equipment designed, developed, manufactured, or supplied, by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary that poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of the bulk-power system in the United States, poses an undue risk of catastrophic effects on the security or resiliency of United States critical infrastructure or the economy of the United States, or otherwise poses an unacceptable risk to the national security of the United States or the security and safety of United States persons; and

    (ii) develop recommendations on ways to identify, isolate, monitor, or replace such items as soon as practicable, taking into consideration overall risk to the bulk-power system.

    Sec. 3. Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security.

    (a) There is hereby established a Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security (Task Force), which shall work to protect the Nation from national security threats through the coordination of Federal Government procurement of energy infrastructure and the sharing of risk information and risk management practices to inform such procurement. The Task Force shall be chaired by the Secretary or the Secretary's designee.

    (b) In addition to the Chair of the Task Force (Chair), the Task Force membership shall include the following heads of agencies, or their designees:

    (i) the Secretary of Defense;
    (ii) the Secretary of the Interior;
    (iii) the Secretary of Commerce;
    (iv) the Secretary of Homeland Security;
    (v) the Director of National Intelligence;
    (vi) the Director of the Office of Management and Budget; and
    (vii) the head of any other agency that the Chair may designate in consultation with the Secretary of Defense and the Secretary of the Interior.

    (c) The Task Force shall:

    (i) develop a recommended consistent set of energy infrastructure procurement policies and procedures for agencies, to the extent consistent with law, to ensure that national security considerations are fully integrated across the Federal Government, and submit such recommendations to the Federal Acquisition Regulatory Council (FAR Council);

    (ii) evaluate the methods and criteria used to incorporate national security considerations into energy security and cybersecurity policymaking;

    (iii) consult with the Electricity Subsector Coordinating Council and the Oil and Natural Gas Subsector Coordinating Council in developing the recommendations and evaluation described in subsections (c)(i) through (ii) of this section; and

    (iv) conduct any other studies, develop any other recommendations, and submit any such studies and recommendations to the President, as appropriate and as directed by the Secretary.

    (d) The Department of Energy shall provide administrative support and funding for the Task Force, to the extent consistent with applicable law.

    (e) The Task Force shall meet as required by the Chair and, unless extended by the Chair, shall terminate once it has accomplished the objectives set forth in subsection (c) of this section, as determined by the Chair, and completed the reports described in subsection (f) of this section.

    (f) The Task Force shall submit to the President, through the Chair and the Director of the Office of Management and Budget:

    (i) a report within 1 year from the date of this order;
    (ii) a subsequent report at least once annually thereafter while the Task Force remains in existence; and
    (iii) such other reports as appropriate and as directed by the Chair.

    (g) In the reports submitted under subsection (f) of this section, the Task Force shall summarize its progress, findings, and recommendations described in subsection (c) of this section.

    (h) Because attacks on the bulk-power system can originate through the distribution system, the Task Force shall engage with distribution system industry groups, to the extent consistent with law and national security. Within 180 days of receiving the recommendations pursuant to subsection (c)(i) of this section, the FAR Council shall consider proposing for notice and public comment an amendment to the applicable provisions in the Federal Acquisition Regulation to implement the recommendations provided pursuant to subsection (c)(i) of this section.

    Sec. 4. Definitions. For purposes of this order, the following definitions shall apply:

    (a) The term "bulk-power system" means (i) facilities and control systems necessary for operating an interconnected electric energy transmission network (or any portion thereof); and (ii) electric energy from generation facilities needed to maintain transmission reliability. For the purpose of this order, this definition includes transmission lines rated at 69,000 volts (69 kV) or more, but does not include facilities used in the local distribution of electric energy.

    (b) The term "bulk-power system electric equipment" means items used in bulk-power system substations, control rooms, or power generating stations, including reactors, capacitors, substation transformers, current coupling capacitors, large generators, backup generators, substation voltage regulators, shunt capacitor equipment, automatic circuit reclosers, instrument transformers, coupling capacity voltage transformers, protective relaying, metering equipment, high voltage circuit breakers, generation turbines, industrial control systems, distributed control systems, and safety instrumented systems. Items not included in the preceding list and that have broader application of use beyond the bulk-power system are outside the scope of this order.

    (c) The term "entity" means a partnership, association, trust, joint venture, corporation, group, subgroup, or other organization.

    (d) The term "foreign adversary" means any foreign government or foreign non-government person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or its allies or the security and safety of United States persons.

    (e) The term "person" means an individual or entity.

    (f) The term "procurement" means the acquiring by contract with appropriated funds of supplies or services, including installation services, by and for the use of the Federal Government, through purchase, whether the supplies or services are already in existence or must be created, developed, demonstrated, and evaluated.

    (g) The term "United States person" means any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.

    Sec. 5. Recurring and Final Reports to the Congress. The Secretary is hereby authorized to submit recurring and final reports to the Congress regarding the national emergency declared in this order, consistent with section 401(c) of the NEA (50 U.S.C. 1641(c)) and section 204(c) of IEEPA (50 U.S.C. 1703(c)).

    Sec. 6. General Provisions.

    (a) Nothing in this order shall be construed to impair or otherwise affect:

    (i) the authority granted by law to an executive department or agency, or the head thereof; or

    (ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

    (b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

    (c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

    DONALD J. TRUMP

    THE WHITE HOUSE,
    May 1, 2020.

    ###

    The White House · 1600 Pennsylvania Ave NW · Washington, DC 20500-0003 · USA · 202-456-1111

  • FIVE WAYS THE U.S. MILITARY WILL CHANGE AFTER THE PANDEMIC

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    By Lt. Gen. David W. Barno, U.S. Army (ret.) and Dr. Nora Bensahel
    War on the Rocks -- APRIL 28, 2020

    The global pandemic is about to profoundly change the U.S. military’s role in defending the United States — even if Pentagon leaders don’t know it yet. As we noted in our last column, many Americans will look at the immeasurable damage wrought by the pandemic and conclude that defending the homeland from catastrophic threats is far more urgent than defending against foreign threats far from American shores. That fundamental shift is rapidly ushering in a new era for the Department of Defense, which will upend some of its bedrock assumptions about when, where, and how the U.S. military contributes to national security.

    The Department of Defense has been operating under a broad national security strategy that has remained remarkably unchanged since the end of World War II. The United States has maintained a large standing military that has been forward deployed around the world to prevent direct attacks on the United States and to secure the global commons. Though the Trump administration has challenged some parts of this strategy (especially its emphasis on global allies and partners), the most recent versions of the National Security Strategy and the National Defense Strategy nevertheless reaffirmed most of its core principles.

    Yet the pandemic has now suddenly and vividly demonstrated that a large, forward deployed military cannot effectively protect Americans from nontraditional threats to their personal security and the American way of life. In a deeply interconnected world, geography matters far less, and the security afforded by America’s far-flung military forces has been entirely irrelevant in this disastrous crisis. The number of Americans killed by the virus is about to exceed the number of U.S. troops killed in Vietnam, unemployment is higher than it has been since the Great Depression, and the social and human toll is simply incalculable. The ultimate damage will be so great that after the pandemic, the urgent need to defend the American people from devastating threats inside the homeland will quickly displace foreign threats atop the hierarchy of national security concerns.

    The inevitable national security reckoning after the pandemic will pose tremendous challenges for the Department of Defense. Since the vast majority of its efforts and its enormous budget focus on deterring and defending against external threats as far away from the homeland as possible, it will need to adapt to a deeply changed environment where serious threats inside the homeland matter far more to most Americans. There are at least five key changes that will shape the choices and decisions that lie ahead for Pentagon leaders: cyber and space will be higher priorities than land, sea, and air; reliance on forward presence will diminish; the reserve component will become much more important; legacy programs and end strength will be cut — by a lot; and the prestige of the U.S. military will be dimmed.

    Cyber and Space Will Be Higher Priorities Than Land, Sea, and Air

    The U.S. military currently recognizes five warfighting domains: land, sea, air, cyber, and space. After the pandemic, external threats to the United States from the land, sea, and air will become much lower national security priorities than protecting against threats to the homeland from newly emerging and unconventional dangers. For the Department of Defense, that means a much greater emphasis on the cyber and space domains. Protecting the United States from a large-scale cyber attack on the nation’s critical infrastructure will become an extremely high priority, since it could harm the American people, economy, health care system, and way of life at least as much (if not more than) COVID-19 already has. As horrible as this crisis is, food, water, power, and basic medical care are still largely available throughout the country and enabled by a fully functioning internet. A concerted cyber attack could upend distribution networks, disrupt power supplies and online access, and wreak havoc on a vast range of essential services from banking to telecommunications.

    Helping to defend the nation against this will almost certainly require the Pentagon to significantly expand the Cyber Mission Force. In particular, many more Cyber Protection Teams will be needed, and their mission should expand beyond their primary focus on .mil networks so they can provide much greater support to civil authorities and the private sector when requested. The newly created Space Force will also need to invest significant amounts of time and effort to protect U.S. civilian as well as military space assets, since they undergird every aspect of modern American life and are therefore tempting targets as well.

    Reliance on Forward Defense Will Diminish

    Forward defense has long been the cornerstone of U.S. defense strategy, but it will become less important as the focus grows on countering catastrophic threats against the homeland. In a post-pandemic world characterized by huge deficits, massive debt, and economic recession, the United States will continue to defend its most vital interests overseas: keeping NATO alive, protecting Eastern Europe from Russia, supporting Israel, and deterring conflict in Asia. But U.S. forces across the Middle East, Afghanistan, Africa, and even in some parts of the Pacific are likely to be drawn down if not withdrawn completely.

    The economic crisis may also require changes to U.S. force posture in the places where military forces remain, since the sprawling network of overseas bases remains expensive. The United States spends about $10 billion a year to operate these bases, a figure that would be far higher without the very substantial amount of host nation support (which includes cash payments as well as various forms of in-kind support). Yet the global recession and rising debt levels spawned by the pandemic may make it harder for allies and partners hosting U.S. troops to continue providing such high levels of support. And here at home, the economic crisis will make members of Congress even more likely to support shuttering overseas bases in order to forestall any discussion of domestic base closures, since preserving jobs in their districts becomes even more critical at a time of such staggering unemployment levels.

    The Reserve Component Will Become Much More Important

    The increasing primacy of homeland defense means that the reserve component of the U.S. military may become equally if not more important to the nation than the active component, which would completely invert the traditional relationship between them. The vast majority of the military capabilities that have been used to respond to the pandemic, and that will be needed for future homeland crises, reside in the reserve component (which includes the National Guard and the reserve forces of the individual military services). The National Guard has been an especially valuable Swiss Army knife for governors and presidents, taking on a wide range of missions that have included ensuring public safety, moving critical supplies, and augmenting medical capabilities. The reserves also contain a disproportionate amount of support capabilities (such as engineering and medical units), which provide indispensable augmentation for civil authorities during domestic crises as well as reinforcements for large combat operations.

    By contrast, the warfighting units that comprise most of the active component have been largely irrelevant in this crisis. The active component has provided some field hospitals, and the (mostly civilian) U.S. Army Corps of Engineers has constructed some important health care facilities, but these contributions nevertheless remain quite limited. And, unlike the active component, the reserve component simultaneously provides critical capabilities for both homeland crisis response and overseas military missions, which provides a vital hedge against foreign conventional threats.

    Legacy Programs and End Strength Will Be Cut — By a Lot

    As we’ve argued, the massive economic crisis and growing political pressures for greater domestic spending mean that the defense budget will likely plummet — and may even make the sequestration-era cuts look rosy by comparison. The combination of sharply declining budgets, less emphasis on the land, sea, and air domains, and diminishing forward presence means that expensive conventional platforms like aircraft carriers, amphibious ships, and manned fighters will likely face severe cuts. Major legacy modernization programs that were already reaching unaffordable levels (like the F-35 fighter and the Ford-class aircraft carrier) will inevitably have to be significantly scaled back, and some may be canceled outright.

    The services must also accept that major cuts to end strength are inevitable, and that they will probably fall heavily on the active component. The average cost of compensating an active servicemember has grown by 64 percent during the past two decades (adjusted for inflation), and active forces require substantial training and other readiness investments so they can respond rapidly to international crises. Because personnel are so expensive, budget cuts always force down end strength numbers, as happened during the first years of sequestration. But this time around, there will also be a lot of pressure to maintain, or possibly even to increase, reserve component end strength instead of spreading the cuts evenly between the two components. The reserve component offers a tremendous amount of bang for the defense buck. It provides essential capabilities for both domestic and international crises, and it is cheaper to maintain since its personnel serve on a part-time basis and are called up only when needed. As shrinking defense budgets force tough tradeoffs, the nation may have to rely more heavily on its reserve component to preserve important warfighting and homeland defense capabilities.

    The Prestige of the U.S. Military Will Be Dimmed

    The U.S. military will also face a profound cultural challenge after the pandemic, as its place in American society inevitably shifts. Since September 2001, the United States armed forces have been uncritically revered by the American people. The amount of deference and praise heaped on the all-volunteer force fighting overseas for almost two decades has been enormous, and largely warranted. But it has grown so excessive that even some in uniform now find it a source of embarrassment. Every year has brought new pay raises, more benefits, and greater visibility, which has sometimes raised expectations of ever more prestige and perquisites.

    Yet most of that same military, as we noted last month, has been largely on the sidelines during the coronavirus crisis. Doctors, nurses, truck drivers, and grocery store clerks are among the many types of people whose usually invisible role in making the nation function has now become blindingly obvious. Many of them are now risking their lives to keep doing their jobs, in a different but no less important way than U.S. military personnel have always done. After the pandemic, the U.S. military may receive less unchecked adulation by ordinary Americans, who have seen that there are other heroes among us every day — some of whom have sacrificed their lives during this crisis in order to keep their fellow citizens safe. Furthermore, the U.S. military may seem far less relevant to the concerns of most Americans, especially as they demand much stronger security at home, and as a military no longer conducting large-scale combat operations recedes from public visibility.

    This may come as an unpleasant shock for the many U.S. servicemembers who have known nothing but extraordinary accolades since 2001. It may also harm military recruiting and retention over the long term and exacerbate the already gaping chasm between the military and the society it serves. This shift may remind servicemembers that strong public support for the military is not automatic, and that they are not the only Americans who are willing to risk their lives in times of crisis in order to protect the nation.

    These five changes, and others that emerge after this calamitous disruption to the nation and its way of life, will all dramatically change the ways in which the U.S. military approaches its core mission of defending the country. We will one day look back upon this pandemic as a major inflection point in U.S. history. In the same way that the end of the Cold War ushered in a decade of peacekeeping operations, and the Sept. 11 attacks led to the long wars in Afghanistan and Iraq, the pandemic will lead to a new era focused more on domestic rebuilding and resilience than external threats. Pentagon leaders need to start thinking now, even while the pandemic continues to tear through the fabric of the country, about how to adapt to these trends so they can best position the U.S. military for the very different environment of the years to come.

    Lt. Gen. David W. Barno, U.S. Army (ret.) and Dr. Nora Bensahel are visiting professors of strategic studies at the Johns Hopkins School of Advanced International Studies and senior fellows at the Philip Merrill Center for Strategic Studies. They are also contributing editors at War on the Rocks, where their column appears monthly.

  • FYSA: NSA Offers Agencies Guidance for Choosing Videoconference Tools

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    Zoom or Not? NSA Offers Agencies Guidance for Choosing Videoconference Tools. The agency weighs in on the questions federal employees and contractors should ask as they select collaboration platforms.

    By Mariam Baksh
    NextGov Today - APRIL 27, 2020

    Video conferencing platforms Zoom and Microsoft Teams are both FedRAMP-approved, but while Zoom offers end-to-end encryption, Microsoft Teams does not. These are just two of nine factors the National Security Agency cites in its guide to help federal workers choose commercial telework tools for “safely using collaboration services,” as necessitated by the coronavirus pandemic.

    The guide, which NSA released Friday, applies only to commercial applications, and one strong recommendation from the agency is that, when possible, workers use U.S. government services such as Defense Collaboration Services, Intelink Services and others, which were designed specifically for secure government communications. But government workers still need to interact with external entities which might be sending them invitations via commercial applications, and the NSA has detailed a number of factors for them to weigh in deciding which ones to facilitate:

    1. Does the service implement end-to-end encryption?
    2. Are strong, well-known, testable encryption standards used?
    3. Is multi-factor authentication used to validate users’ identities?
    4. Can users see and control who connects to collaboration sessions?
    5. Does the service privacy policy allow the vendor to share data with third parties or affiliates?
    6. Do users have the ability to securely delete data from the service and its repositories as needed?
    7. Has the collaboration service’s source code been shared publicly (e.g. open source)?
    8. Has the service and/or app been reviewed or certified for use by a security-focused nationally recognized or government body?
    9. Is the service developed and/or hosted under the jurisdiction of a government with laws that could jeopardize U.S. government official use?

    The NSA guidance includes a disclaimer noting it is not in any way an endorsement of any specific company’s service and stressed workers should make their decisions based on further consultation with information technology support or chief information officer guidance from their own agencies or departments.

    Analysis by a cybersecurity expert for Project Spectrum—an initiative supported by the Defense Department’s Office of Small Business Programs—advises entities within the defense industrial base to avoid using Zoom. Among other things, the researcher cites the company’s connections to China. The Project Spectrum paper notes servers running Zoom software are located in China, along with 28% of the company’s workforce. One domestic alternative Project Spectrum recommends is Microsoft Teams. But while the NSA guide touts the benefits of open source applications, it notes that the code for Microsoft Teams is not shared.

    “Open source development can provide accountability that code is written to secure programming best practices and isn’t likely to introduce vulnerabilities or weaknesses that could put users and data at risk,” reads the NSA guide.

    NSA considered 13 service providers, including Cisco Webex, Google’s G Suite, and WhatsApp. Only three of the providers—Mattermost, Signal and Wickr—were listed as publicly sharing their source code. Without mentioning China specifically, NSA said country of origin should be a factor for assessing the safety of telework services. It did not classify the 13 providers according to this criterion, as it did with the other eight factors.

    “Since it is well documented that some countries require that communications be provided to law enforcement and intelligence services, it may not be wise for certain USG missions to be performed on services hosted or developed under certain foreign legal jurisdictions,” NSA says. “Users should be aware that the country of origin where products were developed is not always public knowledge.”

    A joint statement from the General Services Administration and the Department of Homeland Security reportedly advised federal employees to use “Zoom for Government” and not the commercial version of the company’s popular video conferencing platform. The NSA did not respond by deadline to a request for comment on whether Zoom for Government sufficiently addresses the concerns the Project Spectrum white paper raised.

  • Enabling Telework during COVID19‎ By Larry Grate

    By Larry Grate: Director of Technology at PREMIER System Integrators
    April 21, 2020

    The need for businesses to become more efficient by leveraging the data available in their manufacturing networks already had us on a high-speed chase to connect those systems. Now with the current COVID-19 pandemic, manufacturers are racing to make those systems available remotely to support work-from-home for configuration and troubleshooting. The challenge, as we all know, is that those systems were never designed with security in mind. Even without unanticipated vulnerabilities, the protocols already operate largely unauthenticated and unencrypted. So how do you keep systems secure when time is of the essence?

    Several of our customers have started working to implement one or more of the following approaches. One straightforward solution is to leverage existing virtual environments (if you have one) and spin up engineering servers so you can keep all that vulnerable traffic at home. Then, if possible, we put jump hosts in a DMZ and provide a secure way to get to that engineering server. Solutions like MS RDG or VMware View work well for this method. Alternate solutions include installing devices with outbound-only connections to cloud servers and allowing the connections to occur in the cloud, preferably coming back to an on-premises engineering server in a DMZ but, if that’s not possible, then allowing direct access to equipment. A third option is allowing VPN directly into their manufacturing networks, with the obvious corollary requirement of validating the security of those connections, if a secure VPN solution was not already in place. A fourth method we’re seeing is allowing a temporary internet connection to an engineering server and using a tool such as WebEx for remote control of that asset by a support person.

    What has concerned me is the number of companies implementing solutions that allow connection directly into the ICS trusted environment from potentially untrusted locations. When you are in the middle of a crisis, the last thing you need is to be fighting unwanted malware with reduced staff. I understand the need to provide remote support and allow remote work, but I encourage you to consider the risks created by your choice of methods and technologies, and document everything. Make informed decisions to allow these connections in an appropriate manner. If you are unsure what that looks like, or you want more details on some of the secure options listed, then reach out to your local CS2AI chapters. Whatever you do, consider the risk, and don’t forget that you have done it when this is all over.

    As a side note, if possible, monitor what you have done, ideally using technical controls, especially if you are using administrative controls to disconnect your solution when it is not needed. Unfortunately, you never know who may find that connection.

  • Mentoring in the CyberPatriot Program By Andrew Hall

    By: Andrew Hall, CISSP, Information System Security Manager at USAF
    April 21, 2020

    Prefatory Note: CyberPatriot is the National Youth Cyber Education Program created by the US Air Force Association to inspire K-12 students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines. At the core of the program is the National Youth Cyber Defense Competition, the USA’s largest cyber defense competition that puts high school and middle school students in charge of securing virtual networks. The CyberPatriot program is an established IT cyber security program exemplifying one of the outreach efforts on the (CS)2AI projected developments board. We asked Andrew Hall to submit this article on his experience in order to provide some insight into the program for those (CS)2AI members not familiar with it, and also a greater understanding of our organizational objectives in this area.

    ************************************************

    The CyberPatriot program started in 2009 and has grown from eight teams as a test run to now over 6,000 teams. It moved from being limited to Air Force Junior Reserve Officer Training Corps (AFJROTC) and Civil Air Patrol (CAP) units to a full open division and now even down into elementary schools, preparing children for futures in science, technology, engineering, and math (STEM) as well as cybersecurity. CyberPatriot competitions were initially geared toward blue team (defensive) work, as participants fix Red Hat and Windows (desktop and server) images while answering questions about the accounts or system configurations given to the teams within those images. More recently Cisco networking became a bigger part of the program, as well as virtual network challenges.

    My own first interest in the program came after getting more involved in cybersecurity at work and obtaining my CISSP in 2013. After becoming friends with a mentor in the program (he mentored the winning Clearfield, UT team in 2009) I became a mentor during CyberPatriot VII in 2014-2015 for an open division team in Northern Utah where two of the teams placed in State.

    Mentoring a CyberPatriot team is dependent on the coach and team you are working with, as some are experienced while many are new to computers and security. Not all schools are equipped to participate, since teams require computers to compete. A good coach (usually a teacher) will set ground rules for the students and help facilitate the mentoring for the competition. Mentors come from many different backgrounds and levels of experience, and it is good to have a few available for teams to utilize. Teams can learn from mentors between competitions, usually in formal weekly training sessions after school, but cannot use the mentors or coach during the competition phases. It is important to have the teams run through practice images and network questions before each competition so they can ask questions of mentors and learn from them. Mentors should also take time to prepare practice images if they are able to, or do training on the main principles of securing an OS, such as how to restrict accounts, set up a firewall rule, and perform basic Cisco switch setup.

    There is a lot of work in helping teams prepare for and compete in CyberPatriot challenges that is both difficult and rewarding, no matter where the team places in the contests. Schools wanting to participate should push for mentors to commit to multiple years of participation, to support the continued growth and development of those interested in cybersecurity while also giving those with an interest a place to get their feet wet. Mentors need to put forth consistent effort to help coaches and teams learn through the contest, make this a yearly activity for the school, and get veteran participants encouraging and advising newcomers. Mentors can then focus on providing training at different levels and help the veteran teams get better each year. Control systems may never become part of CyberPatriot, but you can influence the participants through training on all the other areas of cybersecurity while mentoring. I highly recommend working with your local schools to get them involved with CyberPatriot to provide an opportunity to youth interested in cybersecurity.

  • 5 Things the Hoodie & the Hard Hat Need to Know About Each Other: Eddie Habibi & Jason Haward-Grau‎

    By Eddie Habibi, Founder & CEO of PAS and Jason Haward-Grau, Managing Director at KPMG US
    April 21, 2020

    Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.

    For nearly 30 years, operational technology (OT) in industrial facilities was considered relatively safe from outside hacking risk. The so-called air gap between IT and OT, paired with the heavy use of proprietary industrial control systems, created a mindset of "security via obscurity." In recent years, there have been multiple, well-publicized cyberattacks on industrial facilities, which are now occurring with greater frequency and sophistication. As a result, industrial operations leaders, IT executives, and the CEOs they report to are taking significant interest in improving OT cybersecurity.

    One challenge to that effort is the different worlds IT (the hoodie) and OT (the hard hat) practitioners come from. Historically, these two groups have stayed out of each other's areas because of the deep and different complexity of the two domains and the rightful separation of responsibilities. To improve awareness, we've outlined the top five things IT and OT should learn from one another.

    1. Operational facilities no longer are — and frankly never were — an island.

    The air gap between IT and OT systems and networks is no longer valid, if it ever was. IT professionals have understood that a persistent, smart hacker can eventually find a way into your network. It's not a question of if but when you will be breached, and IT leaders design their security strategy based on this premise. It's time for OT to do the same. The assumptions OT has made regarding security via obscurity are also no longer valid. With the large revenue generated by industrial facilities and hazardous processes/chemicals used, hackers have been taking more interest in distributed control systems (DCSs), programmable logic controllers, safety instrumented systems, and process control networks. These systems appear as complex black boxes to most IT people.

    2. IT people don't fully appreciate the meaning of OT reliability.

    When discussing reliability, IT people use terms like MTTR (mean time to repair) and MTBF (mean time between failure) and, in a cloud-based world, it's common to remove a bad or compromised server and just spin up a new one. That approach doesn't fly in an industrial plant. You can't just shoot a DCS that is managing hundreds of different control valves and monitoring thousands of measurements. That can have a catastrophic impact on the personnel, the environment, and the surrounding community, not just a disruption to production and lost revenue. Today, most IT people think of servers like cattle, not pets. This has been one of the huge benefits of shared or cloud infrastructure. But this approach cannot apply when you are talking about machines that move molecules and where things can go boom — literally.

    3. The concept of defense-in-depth applies to both IT and OT.

    Enterprise CISOs know reliance on a single solution or silver bullet puts them at risk. This is why we implement multiple firewalls, intrusion-detection tools, antivirus software as well as identity, data, and endpoint security technologies. They create multiple layers of defense, often using multiple vendors within each layer. It's like a moat around your moat backed up by a castle wall with another wall beyond that, and so on. Embracing defense-in-depth from web apps to Level 0 components (e.g., valves, sensors, actuators, robots) that move molecules in a plant is key. The concept of defense in depth isn't foreign to the OT world, which uses a similar approach called independent protection layers (IPLs). These safety layers protect, monitor, and respond when critical measurements (such as pressure and temperature) exceed predefined boundary limits. These IPLs are also a high-consequence hacking risk. One of the most prominent industrial hacking attacks recently was the inadvertent tripping of a safety instrumented system in a major refinery. This caused the entire industrial sector to take notice.

    4. There's no such thing as Patch Tuesday in OT.

    In an industrial plant, changes must be well planned and coordinated with operations and maintenance groups. In the OT world, you might not be able to introduce changes more often than once a year or longer. Furthermore, many of the control systems have been in place for more than 15 years. We don't replace OT every three to five years like IT does. When managing security vulnerabilities, it's critical to take this into account. You also can't just put a network packet sniffer on a plant control network and build a comprehensive inventory and identify all vulnerabilities. You need much more granularity to see if a vulnerability exists on a specific I/O card or a controller within a DCS, and that requires capturing data from configuration backups.

    5. OT needs to understand digital transformation will have a profound effect and it's going to be driven primarily from people who come from outside of OT.

    Chief digital officers and chief data officers are being appointed every day. The hiring profile rarely includes an understanding of OT. This poses a challenge because these new leaders don't know what they don't know. However, it also presents an opportunity to help them understand how a "digital plant" can drive revenue growth through improved efficiency, expanded operations, and production visibility. It also means ensuring the integrity of industrial operations from both a cybersecurity and a process safety perspective is paramount, and that requires IT and OT to work together.

    This article originally appeared in Dark Reading. Reprinted here with the authors’ permission.
