NASHVILLE, Tenn., Feb. 29, 2024 (GLOBE NEWSWIRE) -- Phosphorus Cybersecurity Inc., the leading provider of unified, prevention-based security management for the xTended Internet of Things (xIoT), is urging all federal agencies to follow the federal government’s recommendations for establishing complete inventories and visibility of their IoT/OT estates and attack surface, as cyber threats to Cyber-Physical Systems (CPS) and critical national infrastructure (CNI) continue to rise.
In a recent memorandum, the White House’s Office of Management and Budget (OMB) mandated that federal agencies establish an “enterprise-wide inventory” for their entire IoT and OT estates by the end of Fiscal Year 2024. This is part of the OMB’s broader zero-trust initiative to enhance the cybersecurity posture of federal infrastructures by ensuring comprehensive visibility, continuous monitoring, and proactive risk mitigation against cyber threats. It also aligns with recent CISA and NIST efforts to enhance cybersecurity practices and resilience across the nation’s critical infrastructure.
However, discovering and assessing the broad array of IoT and OT assets can be particularly daunting, not just for government agencies, but for any sizable organization.
Here are some of the key challenges to expect:
- Vast and diverse nature of IoT/OT ecosystems: For large organizations, IoT and OT footprints can easily number in the hundreds of thousands to millions of unique devices. These can range from surveillance cameras and printers to access control systems, HVAC systems, PLCs, SCADA Systems, and more.
- Difficult design: Many of these devices were not designed with enterprise management or security in mind. This makes discovery/assessment difficult without specialized tools that can communicate with these devices in their native languages.
- OEM products: Finding banned and other high-risk OEM products that are components in other systems can also be difficult.
- Decentralized deployment: IoT/OT devices are often scattered across many different – and occasionally remote – locations, making it difficult to assess them manually, without a robust automated solution.
- Variety of vendors and protocols: Within each IoT/OT device category, there can be many different types, models, and brands, each with its own unique profile and protocols. This makes it difficult to assess each device individually unless you have a highly diversified, technology-agnostic automated solution.
- Legacy systems: 30% of IoT/OT devices are end-of-life and no longer supported. These legacy systems are difficult to integrate with modern cybersecurity frameworks, unless your platform is specifically attuned to them.
Phosphorus’ Approach to Federal Cybersecurity Compliance
Phosphorus’ Gartner-recognized Unified xIoT Security Management Platform specifically addresses each of these problems. In addition to meeting the OMB’s directives for discovery and compliance, Phosphorus’ agentless, software-based platform provides in-depth device risk assessments, robust hardening and remediation, and ongoing operational management and monitoring – through its unique ability to directly communicate with devices in their native languages.
Phosphorus provides a comprehensive and forward-looking security framework that adapts to the evolving cyber threat landscape so that federal agencies are not just compliant, but are also equipped to proactively defend against and respond to new cybersecurity challenges.
- Intelligent Active Discovery: Phosphorus' automated platform employs advanced scanning techniques to identify and catalog every connected device within the agency's network, including over 500 vendors and one million device models. It is 98% faster than passive legacy scanners and up to 95% more efficient (lighter) than legacy active scanners.
- Dynamic Risk Assessment: Leveraging direct interaction with the CPS asset, Phosphorus collects over 3X more high-fidelity device metadata from IoT/OT assets than any other service – including device posture, status of device credentials, current firmware version and CVEs, certificate status, risky configurations, device end-of-life status, banned devices, and more.
- Automated Remediation Strategies: Upon identifying risks, Phosphorus' solution automates the remediation process, applying patches, updating configurations, and managing credentials without the need for manual intervention. This automated capability significantly reduces the window of opportunity for attackers.
- Continuous Compliance Monitoring: The platform offers continuous monitoring and reporting features that ensure agencies remain compliant with federal cybersecurity standards over time. It automatically documents all actions taken, from discovery through remediation, providing a transparent and auditable trail that simplifies compliance verification.
- Adaptive Security Policies: Recognizing the unique security needs of different federal agencies, Phosphorus allows for the customization of security policies and procedures. Agencies can tailor the platform's settings to align with their specific operational environments, threat landscapes, and regulatory obligations, ensuring a more effective and targeted cybersecurity approach.
To learn more about how Phosphorus can help organizations achieve full discovery, visibility, protection, management, and monitoring for large IoT/OT deployments, read this article about “Advancing Federal Cybersecurity with Comprehensive IoT/OT Asset Management” or visit www.phosphorus.io.
ABOUT PHOSPHORUS
Phosphorus Cybersecurity® is the leading CPS Protection Platform delivering a proactive approach to security management and breach prevention for the exploding IoT, OT, IIoT, and IoMT attack surface. Designed to find and secure the rapidly growing, unknown, and often unmonitored world of Cyber-Physical Systems across the xTended Internet of Things landscape, our Unified xIoT Security Management Platform provides unmatched security management and breach prevention across every industry vertical—delivering high-fidelity discovery and risk assessment, proactive hardening and remediation, and continuous monitoring and management. With patented xIoT Intelligent Active Discovery and risk assessment, Phosphorus automates the mitigation and remediation of the most significant IoT, OT, IIoT, and IoMT device vulnerabilities – including unknown and inaccurate asset inventory, default credentials, out-of-date and vulnerable firmware, risky configurations, banned and end-of-life devices, and expired or self-signed certificates. Follow Phosphorus on LinkedIn, Twitter, Threads, and YouTube, and learn more at www.phosphorus.io.