The Need to Protect Critical Infrastructure with Cybersecurity for IoT and OT

With the growing threat of cyberattacks on critical U.S. infrastructure, is the government prepared?

A December 1, 2022, report released by the U.S. Government Accountability Office (GAO) called for immediate action on cybersecurity for IoT and OT-connected devices to provide better security for critical infrastructure vulnerable to today’s sophisticated cyber threats.

The report indicates 16 critical infrastructure areas reliant on internet-connected devices and systems, providing essential services from electricity to health care. All sectors fall under the GAO report’s high-risk category.

A primary concern for the GAO is that more action is needed to provide the level of cybersecurity required to secure these critical U.S. departments. The GAO has provided more than 90 cybersecurity recommendations since 2010, with more than 50 unimplemented as of June 2022.

Mike Sheward, Head of Security for Particle, believes the U.S. government needs to get serious about cybersecurity for IoT and OT.

Mike’s Thoughts

“On the government accountability officers report on IOT and OT security. So, there are a couple of things that jump out to me. The first is that there are no shortage of different agencies within the federal government making recommendations about cybersecurity for these kinds of devices and having lots of different recommendations from lots of different places about lots of different types of devices is a very good way to kind of get into a state of analysis paralysis and not apply anything cause you’re worried about which standard you should be applying.

So, I would like to see more of a focus on the ecosystem that those devices are connected to. Maybe kind of sorting them out by classification so we can focus on securing that platform or that environment more than each device on a device-by-device basis. That would be probably more effective. The second thing is that a lot of the previous recommendations made in the report have not been implemented yet. That’s because, in my opinion, the government is probably still in the discovery stage for a lot of this stuff. The larger the organization, the harder it is to apply any kind of cybersecurity program.

Just because you don’t know what’s out there, you lose track of it. You can’t protect what you don’t know about. It’s hard to think of many organizations that are bigger than the federal government. So, I imagine that they are, working on doing the discovery, and so I need to focus on speeding that up so that you could probably do a lot of kind of disabling of things that no longer need to be in the environment, and then focusing on the things that are left for the new security standards.

Follow us on social media for the latest updates in B2B!

Image

Latest

Revenue Cycle
Transformation Without Disruption: How Access Healthcare Is Rewiring the Revenue Cycle with Agentic AI
September 17, 2025

Hospitals are juggling shrinking margins and rising costs while denial volumes remain stubbornly high. In the revenue cycle alone, hundreds of billions are lost annually to preventable errors and inefficiencies—in fact, Access Healthcare CEO Shaji Ravi cites more than $250 billion wasted each year. Meanwhile, payers have accelerated their use of AI to adjudicate…

Read More
leading with intention
Making Meaning Out of Life’s Pause: Billie Whitehouse on Finding Strength, Setting Boundaries, and Leading With Intention
September 17, 2025

In June, Forbes profiled Billie Whitehouse, CEO and Creative Director of Wearable X, as she broke her silence about leading through a devastating health crisis. Diagnosed with stage 4 colon cancer at 27 while 22 weeks pregnant, Whitehouse underwent emergency surgery that ensured her survival, but came with the profound heartbreak of losing her…

Read More
Critical Care
Transforming the ICU Through Technology: Advances in Critical Care Telehealth Delivering Gold-Standard Care Anywhere
September 17, 2025

Critical care in the United States faces a mounting crisis. With a shortage of board-certified intensivists and younger, less experienced nurses filling ICUs, hospitals often struggle to provide timely, gold-standard care. Studies show that hospitals with board-certified intensivists in their ICUs see a 30% reduction in patient mortality, yet thousands of facilities still lack…

Read More
How to Scale Events Without Losing the Wow Factor
How to Scale Events Without Losing the Wow Factor
September 17, 2025

In this episode of Secured, host Mike Monsive, CEO of ASAP Security, reconnects with Idan Koren, CMO of Verkada, for a conversation about what it really takes to scale events without losing their impact. Idan shares how his team manages nearly 500 events a year—ranging from intimate gatherings to Verkada One, the company’s flagship…

Read More