This is the third post in our series of blogs recognizing National Preparedness Month.
As discussed in the previous week’s post, preparedness is not an abstract exercise. It’s the disciplined, proactive process of anticipating risks to resilience and operations, assigning timely ownership, and empowering people across the organization to act decisively and confidently when risks surface.
The week two blog calls out the need to synthesize risk signals so that preparedness programs are well-informed. This is crucial because without a broad understanding of risk signals, the resulting lack of clarity can spell disaster. What’s more, a lack of accountability and ownership can do further damage.
In this week’s blog, we’ll examine how to build a wider culture of risk awareness and preparedness throughout an organization, and discuss why this is crucial for cyber leaders in states, localities, tribes, and territories (SLTT) who are charged with protecting cyber-physical systems (CPS).
When it comes to protecting CPS, preparedness isn't just about risk awareness. It's about embedding a security-first mindset into every aspect of an organization's culture. For SLTT leaders, this means moving beyond the cybersecurity department and making preparedness a shared responsibility. The role of a cybersecurity leader responsible for CPS is not just about technical risks, but about managing societal risk, and every employee has a part to play in protecting their community from service failures.
Cultivating this culture requires a significant shift. Practical ways to achieve it across any organization include:
Conduct regular, realistic exercises that involve not just IT and security teams, but also public relations, operations, general counsel, and leadership. For example, a water utility could run a drill simulating a ransomware attack that affects its billing system and operational technology (OT) controls, requiring operations, communications, and IT teams to work together to restore services, while PR and legal manage public messaging.
Train and empower staff who are closest to the operational systems, like utility managers or transportation crew members, to act as the first line of defense. Give them a clear, simple reporting process for suspicious activity or physical security anomalies.
Recognize and reward teams that actively participate in training, report potential risks, and contribute to preparedness planning. This reinforces that security is a valued part of everyone's job, not just a compliance requirement.
The strength of this culture ultimately depends on the relationships forged across departments. Trust and communication are the foundation of effective preparedness, allowing information to flow freely and risks to be addressed collaboratively.
A critical part of any effective plan is building purposeful, authentic relationships. Just as building a cybersecurity strategy is a journey, so too is preparedness and, by extension, building relationships. For traditional cybersecurity teams, coming to terms with their new responsibilities for OT security means understanding the lay of the land. This process depends on relationships as a bridge to understanding.
When it comes to preparedness, a tool called a risk view can help bridge the departmental divide and go a long way toward strengthening these relationships.
A risk view describes the nature and impact of a risk item or an entire risk domain from the perspective of one or more stakeholders. When risk views are shared throughout departments, preparedness is in a good place. For example, a state or local government’s finance department may see a cyber-physical systems risk as an exposure that could impact municipal bond ratings. Operations sees the same risk as potential downtime, while IT sees it as a vulnerability with a high likelihood of exploitability.
When these views converge, accountability and ownership take shape. This shared awareness then paves the way for empowerment.
Awareness without empowerment is like spotting smoke signals without pulling the fire alarm. Preparedness demands that everyone, from the line crew and control room operator to the utility manager and threat hunter, sees their role in the preparedness picture.
Empowerment means that these critical workers have the power and the right to tactfully speak up without fear of repercussions. They can even act immediately on risks within their direct purview. This is especially true in cyber-physical environments where frontline staff are often the first to notice anomalies or unsafe conditions.
Empowerment also means giving staff clear pathways for escalation and actively inviting their feedback during contingency planning. These feedback loops transform passive awareness into active preparedness.
As demonstrated by NIST's Contingency Planning Guide, planning is inseparable from resilience. For CPS security, this means identifying every system whose failure could ripple across a community. This includes water treatment controls, SCADA for grid distribution, traffic management, and emergency communications.
These critical systems must be a part of any preparedness, disaster recovery, and continuity of operations planning. They should also be part of continuous monitoring programs. This ensures that anomalies aren't just localized concerns but are aggregated to trigger rehearsed, coordinated responses across the organization.
Preparedness in protecting your CPS environment requires familiarity with living patterns of response that are periodically tested for completeness, accuracy, and actionability at every level.
The Claroty Platform is designed to empower organizations in the public sector to stay protected, compliant, and resilient in the face of an evolving threat landscape. The platform’s features include:
Automatically discovering assets across OT and CPS environments for swift time to value. Maintaining deep asset visibility supports preparedness goals.
Tying technical exposures to business impact for appropriate treatment of risk. Understanding the exposure levels of mission-critical assets also supports preparedness goals.
Managing and assigning alerts to the appropriate parties for prompt treatment before they become cyber-physical incidents. Ensuring alerts don't become critical incidents enhances cyber-operational resilience through continuous diligence.
Providing deep reporting capabilities that allow leaders to see not just vulnerabilities, but their preparedness posture and exposure in real-time.
Through these capabilities, Claroty offers organizations in the public sector unmatched flexibility, deep asset identification, secure remote access for dispersed workforces, and simplified compliance with the latest cybersecurity frameworks.