Enterprise
USA
Argentina
Brazil
Chile
Colombia
Costa Rica
Dominican Republic
Ecuador
El Salvador
Guatemala
Honduras
Nicaragua
Panama
Paraguay
Peru
Puerto Rico
Spain
United States
Uruguay
Solutions
Cloud Services
Cyber Security
Managed Network & Comm Services
Managed IT Services
Internet of Things (IoT)
Managed Cloud Services
Cloud Services

Services

Cybersecurity
Unified Endpoint Management (UEM)
Managed Detection and Response (MDR+)
Cyber-Physical Security
Penetration Testing
Vulnerability Management
Secure Managed LAN
CyberSOC
Zero Trust Endpoint Security Solution
Managed Security Awareness Training
Managed Network
UCaaS with Webex
Enterprise Cloud Connect
Business Internet
International Toll-Free Services (ITFS)
CCaaS
SD-WAN
All-in-One Connect
SD-WAN SASE
Broadband
MPLS (Multi-Protocol Label Switching)
Ethernet
Cloud Services
Amazon Web Services
Collaboration Security Management
Cloud Backup
Cloud Migration Services
Enterprise Claro Cloud
Microsoft Azure
Microsoft Dynamics 365
Microsoft Office 365
Managed IT Services
Software Factory
IT Staff Augmentation
Global Service Desk
Internet of Things
AI Video Analytics
Asset Insight
IoT SIM
Industries

Industries

Property Management
City Services
Manufacturing
Logistics
Healthcare
Retail
Private Education
Commercial Construction
Cloud Services
Cyber Security
Managed Network & Comm Services
Managed IT Services
Internet of Things (IoT)
Managed Cloud Services
Cloud Services
Property Management
City Services
Manufacturing
Logistics
Healthcare
Retail
Private Education
Commercial Construction
Industries

Industries

Property Management
City Services
Manufacturing
Logistics
Healthcare
Retail
Private Education
Commercial Construction
Cloud Services
Cyber Security
Managed Network & Comm Services
Managed IT Services
Internet of Things (IoT)
Managed Cloud Services
Cloud Services
Property Management
City Services
Manufacturing
Logistics
Healthcare
Retail
Private Education
Commercial Construction
Company

Company

About Us
Press Releases
Blog
Knowledge
Careers
eCare
Events
About Us
Press Releases
Blog
Knowledge
Careers
eCare
Events
Company

Company

About Us
Press Releases
Blog
Knowledge
Careers
eCare
Events
About Us
Press Releases
Blog
Knowledge
Careers
eCare
Events
Multinational
Contact us
Home
Blog
Article

Cyber-Physical Resilience (PCAST) Report: Implications for daily business operations

Published on
August 5, 2024
Cybersecurity motherboard
Patrick Verdugo
LinkedIn
Manager of IoT and Over the Top Solutions, with extensive global and cross-industry IoT experience providing tailored solutions characterized by reliability, scalability, performance and high availability.
Subscribe to newsletter
Tags
Red bullet
Cyber Security
Red bullet
Remote Workforce
Red bullet
Digital Transformation
Red bullet
Contact Center
Red bullet
Security
Red bullet
Edge Intelligence
Red bullet
Connectivity
Red bullet
Collaboration & Voice
Share this post

As digital workflows become more integral to our operations, our reliance on cyber-physical systems (CPS) has intensified. This growing dependence brings with it new vulnerabilities, creating more opportunities for exploitation by malicious actors.  

A recent Presidential Report on Cyber-Physical Resilience for Critical Infrastructure, from The President’s Council of Advisors on Science and Technology (PCAST), highlights these vulnerabilities, affecting not just local water utilities and power grids, but also schools, property management firms, home builders, and a myriad of other businesses that form the backbone of our communities.

As cyber attackers adopt an increasingly sophisticated array of AI-powered tools, security teams find themselves perpetually on the defensive, struggling to protect a sprawling and vulnerable cyber-physical landscape. Although recent advancements in Multi-Factor Authentication (MFA), Managed Detection and Response (MDR), and Zero Trust have provided temporary defensive gains, the rapid evolution and potency of new technologies such as AI (Artificial Intelligence) and drones have allowed cyber-criminals to regain the upper hand, creating an ever-growing need to reduce operational and security risk in CPS environments

‍Enhancing the resilience of cyber-physical systems

What exactly is a cyber-physical system (CPS)? And how do we better protect increasingly digitized critical infrastructure against system failures or attacks?  

PCAST sheds light on this concept in their report, defining CPS as "physical systems that utilize computing technology for sensing, analysis, tracking controls, connectivity, coordination, or communications." This broad definition encompasses a vast array of sectors, affecting every business, organization, and individual in the United States.  

PCAST further urges the 16 critical infrastructure sectors to urgently adopt an integrated cyber-physical resilience strategy. This approach should not only prioritize security and attack prevention but also guarantee the provision of services with a "minimal viable operating capability." It must account for scenarios where access to digital systems or the Internet is disrupted for extended periods. The core message is clear: our physical systems, which deliver essential services to millions across the nation, need to be robust enough to handle any cyber system disruptions through thorough planning and effective implementation.

‍The growing threat of cyber-physical convergence

Threat dynamics today are evolving at an unprecedented pace, marked by significant advancements and novel approaches. Over the past 18 months, Artificial Intelligence has made remarkable strides, providing threat actors with powerful tools for swift reconnaissance and rapid exploitation. Beyond AI, we have observed incidents where drones, outfitted with sophisticated hacking devices, have landed on rooftops to infiltrate WIFI access points. Additionally, innovative gadgets like the Flipper Zero can replicate access badges, credit cards, crack WIFI passwords, and perform numerous other functions. These emerging tools expand the arsenal of tactics, techniques, and procedures available to hackers, enabling them to outmaneuver security teams with increasing creativity and efficiency.

In response to the swiftly escalating challenges and to offer direction to the diverse and expansive managed critical infrastructure sector, the President’s Council of Advisors on Science and Technology (PCAST) published a report on February 28, 2024, titled "Strategy for Cyber-Physical Resilience: Fortifying Our Critical Infrastructure for a Digital World." The report emphasizes that our cyber-physical systems are becoming more susceptible to threats from nation-states, terrorist organizations, criminal elements, and various natural disasters.

‍PCAST recommendations for building cyber-physical resilience

PCAST outlines a comprehensive set of actions aimed at strengthening the resilience of the Nation’s critical infrastructure. The report provides detailed measures for implementing each action. Among its key recommendations are:

  • Prioritizing the construction of resilient systems, particularly within the 16 critical infrastructure sectors.
  • Adopting a minimum viable operating capability to meet delivery objectives.
  • Ensuring radical transparency throughout processes.
  • Designing systems to be inherently secure and resilient.
  • Containing potential damage through strategic design to limit failure impact.
  • Utilizing advancements in AI for enhancing resilience.
  • Developing the ability to decode and understand attacks.
  • Implementing effective countermeasures in response to threats.
  • Integrating cybersecurity, resilience, reliability, and recoverability within information systems, critical infrastructure, and operational technology.
  • Achieving cyber-physical convergence by dismantling security silos and fostering improved communication.

‍Reducing the impact of cyber-physical breaches on core assets

Although the central theme is the convergence of cyber and physical security, the report contains numerous substantial recommendations that merit individual discussion in future posts. One crucial yet often overlooked issue is “bounded failure,” which involves containing the impact of security breaches through thoughtful design. Emphasis should be placed on safeguarding the core assets—the primary product or service offered—by establishing a "minimum viable operating capability," as advocated by PCAST.

Consider a community water supply business as an example. The critical assets, or "crown jewels," span the entire water delivery chain: from the water's origin sources and quality assurance systems to filtration mechanisms, pump and valve infrastructure, and main water pipelines. Physical security measures like AI-enhanced surveillance cameras, barriers, and the protection of necessary digital systems are vital to maintaining the integrity of these assets. In contrast, functions such as marketing, accounting, and human resources, though supportive, are not crucial to the core mission of delivering clean water.

Therefore, greater focus should be directed towards fortifying these essential systems and limiting the damage from any breaches. If a cyber incident impacts a non-essential function, it must be effectively isolated from the core operations. Additionally, robust contingency plans should be developed to enable manual operations, ensuring continuity without reliance on digital or cyber systems.

‍Conclusion

The PCAST report, though primarily aimed at guiding the 16 critical infrastructure sectors, contains invaluable information and principles that any organization can adopt to enhance their operational capabilities. The foundation for optimizing cyber-physical operations lies in the intentional design of systems that are inherently resilient and secure, safeguarding key assets and delivery goals. Integrating cyber and physical security teams to improve incident response and ensuring a minimum viable operating capability during cyber system downtimes or breaches, are also crucial.

Achieving resilient cyber-physical systems requires a continual process of identifying service delivery vulnerabilities, strategic planning, and remediation—topics that will be explored in upcoming posts. The resilience of systems hinges on the resilience of well-crafted teams, committed to persistent effort and incremental learning, which collectively drive the achievement of critical performance objectives.

Insights

Stay up to date on pivotal trends in information technology that are set to define the future of business. Subscribe to our blog today!
Subscribe Now
Blog
News
Knowledge

The 5 pillars of cybersecurity leadership in 2025

Learn more

How Claro used AI to help Dover, NJ build a safer, smarter town

Learn more

Managed Cloud Migration Services: The Key to Seamless Digital Transformation

Learn more
View all Solutions

Claro Nestlé Partner to Enhance LATAM Connectivity

Learn more

Claro Wins 2025 Cybersecurity Excellence Award for Best Managed Security Service Provider

Learn more

Claro Named One of the Nation's Best and Brightest Companies to Work For

Learn more
View all News

How UCaaS Helps Retailers Improve Collaboration

Learn more

3 Stages to Improve Your Cybersecurity Strategy

Learn more

UCaaS and Security Bundle

Learn more
View all Knowledge
View all

All the solutions for your business sector

Experience best-in-breed technology solutions.

Cyber Security
Comprised of a curated group of best-in-class security solutions that have been sourced, evaluated, tested...
View Solutions
Cloud Services
Digital Transformation made easy: Maximize Scalability and Unlock Your Business's Potential with Cloud Services.
View Solutions
Internet of Things
Our IoT solutions bring security focused, smart technology directly to the source of critical business activity...
View Solutions
Managed Network
Slow connections and complex networks waste valuable time. Spend less by streamlining critical functions and...
View Solutions
Managed IT Services
Access remote and highly secure IT infrastructure management using Managed IT Service Provider solutions...
View Solutions
Solutions
Cloud Services
Cyber Security
Managed Network & Comm Services
Managed IT Services
Internet of Things (IoT)
Managed Cloud Services
Industries
Property Management
City Services
Manufacturing
Logistics
Healthcare
Retail
Private Education
Commercial Construction
Our Company
About UsNewsBlogKnowledgeCareersEventsLegal NoticesIntegrity and Compliance Program (ICP)
Corporate Tools
Carriers PortalCustomer PortalChannel Partner PortalQuote Tool Carrier
© Copyright 2025
Legal
Complaints Portal
Privacy Policy