COMMENTARY: Bipartisan effort needed to advance cyber protections for critical infrastructure

Cybersecurity strategies must remain flexible and agile in the ongoing arms race against cybercriminals, writes Paul Aronhime of Keeper Security.
The security of a nation’s critical infrastructure is foundational to public safety. Given the potential for catastrophic consequences, safeguarding these systems against cyber-attacks is as vital as defending them from physical threats.
With cybercriminals becoming more sophisticated, and artificial intelligence enhancing their methods, the risks to critical infrastructure are escalating daily.
U.S. infrastructure, ranging from power grids to water systems and national security technologies, is a complex and interconnected network. As the landscape of cyber threats grows, government security professionals continually assess systems for vulnerabilities, recognizing that cybersecurity is an integral aspect of national security.
To stay ahead, evaluating cybersecurity strategies, addressing emerging threats and vulnerabilities, and investing in advanced security solutions remain key priorities.
Greater Emphasis on Cybersecurity for Critical Infrastructure
Today, both public and private sector funding is strengthening cyber protections for critical infrastructure and the government services that keep our nation running efficiently. However, despite increased investment, adversarial cyberattacks and cyber espionage continue to destabilize operations, threatening, and at times succeeding in, disrupting power grids, transportation networks, financial institutions and other essential services.
In response, governments are becoming more collaborative and vigilant. Fortifying critical infrastructure requires a unified effort, with private sector technology, law enforcement, government agencies and educational institutions working together to share tools, intelligence and strategies to combat cybercrime networks.
Resources from government agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA), have been instrumental in educating the public, with significant support from technology industry leaders.
Continued coordination will require broad, bipartisan support. Historically, both sides of the aisle have recognized the growing threat of cyber attacks and supported cybersecurity funding and legislation to improve security in national critical infrastructure sectors.
The financial services sector demonstrates how bipartisan scrutiny can strengthen cybersecurity defenses. For instance, recent legislative efforts that strengthen oversight of credit union organizations and service providers highlight the collaborative focus on securing this critical infrastructure. By addressing vulnerabilities and reinforcing cybersecurity frameworks, these measures exemplify how bipartisan cooperation can lead to tangible improvements in protecting specific sectors from evolving cyber threats.
Regulatory pressures on the Securities & Exchange Commission have led to proposals aimed at improving cybersecurity governance and risk management across industries. These measures encourage organizations to adopt advanced tools and best practices, enabling a more proactive stance against evolving cyber threats.
Building on this momentum, Executive Order 14114 further underscores the federal government’s commitment to strengthening cybersecurity policies. By mandating stricter security requirements for government vendors and contractors, the order not only addresses critical vulnerabilities but also creates ripple effects that benefit the private sector, incentivizing the development and adoption of more secure products and services industrywide.
The Secure American Communications Act, a recently introduced Senate bill, mandates that telecom companies meet specific cybersecurity compliance rules, such as conducting annual system testing. These measures could have mitigated the recent hack and wiretap incidents perpetrated by the cyber espionage group Salt Typhoon.
As the federal government rolls out executive orders and binding directives for infrastructure protections, the implementation of cybersecurity technologies and adherence to best practices must remain a priority.
Protect Privileged Accounts in the Modern Digital Era
In the face of advanced cyber attacks targeting critical infrastructure, particularly in sectors like healthcare, the old adage “the best offense is a good defense” rings true. Many organizations, and federal agencies themselves, have learned the hard way that no one is immune to an attack.
Research consistently shows that the vast majority of successful breaches and cyber attacks are tied to weak or stolen credentials, compromised passwords, secrets and other human-related vulnerabilities. Protecting privileged accounts is crucial to preventing such breaches.
Zero-trust Privileged Access Management (PAM) solutions offer a robust defense by enforcing strict access controls and minimizing risk, particularly by preventing the unauthorized lateral movement during an attack that can lead an intruder to an organization’s crown jewels.
PAM tools allow for granular control over user permissions and enable continuous monitoring for suspicious activity, empowering organizations to swiftly respond to threats before they impact sensitive data. With advanced features like Just-in-Time (JIT) access, privilege elevation and delegation management, PAM solutions also support compliance efforts and streamline security operations.
To minimize the impact of an attack, organizations must invest in prevention through zero-trust PAM solutions that will limit, if not altogether prevent, a bad actor’s access.
Embracing a zero-trust framework is vital for securing modern, cloud-based data environments. These frameworks must adapt alongside evolving technologies, workflows and threat landscapes. Continual refinement and adaptation of zero-trust architectures are necessary to ensure they remain effective in mitigating risks and protecting sensitive data.
Further, organizations should follow NIST guidelines to defend against the most prevalent cyber attacks, particularly those stemming from credential compromise. NIST standards for preventive measures, including heightened awareness and strong cyber hygiene practices, can significantly reduce the fallout from data breaches and other cyber incidents.
Shoring up Defenses as the Digital Future Unfolds
As the threat landscape evolves, continued investments in cybersecurity are essential for protecting critical infrastructure. Resources like CISA’s recently updated National Cyber Incident Response Plan provide guidance for engaging groups beyond federal agencies in responding to cyber attacks.
With this in mind, NIST, federal agencies and their partners must evaluate and adopt security guidelines and advanced protections. FedRAMP-accredited providers play a critical role in protecting critical infrastructure, ensuring that systems meet federal requirements and are resilient against the most sophisticated threats.
In the ongoing arms race against cybercriminals, cybersecurity strategies must remain flexible and agile, adapting to emerging risks while providing comprehensive protection for critical national assets.
Paul Aronhime is the senior vice president of Federal Sector at Keeper Security. A U.S. Army veteran, Paul has dedicated his career to protecting the nation's most sensitive assets. He has over two decades of experience in defense, federal civilian and private sector roles, including senior positions at General Dynamics, IBM and Science Applications International Corporation. His leadership has been instrumental in driving initiatives within the Department of Defense, combatant commands and various federal agencies. He was recently named one of WashingtonExec's Top Public Sector Leaders to Watch in 2025.