CISA Unveils Cybersecurity Goals For Critical Infrastructure Sectors
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new report outlining baseline cybersecurity performance goals (CPGs) for all critical infrastructure sectors.
The document is the result of a July 2021 security memorandum signed by President Biden. The memorandum tasked CISA and the National Institute of Standards and Technology (NIST) with creating fundamental cybersecurity practices for critical infrastructure, mainly to help small- and medium-sized enterprises (SMEs) improve their cybersecurity efforts.
“The CPGs are a prioritized subset of IT and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques,” CISA wrote.
The goals have been established based on existing cybersecurity frameworks and guidance. They also rely on real-world threats and adversary tactics, techniques and procedures (TTPs) observed by CISA and its partners.
“By implementing these goals, owners and operators will not only reduce risks to critical infrastructure operations but also to the American people,” the report reads.
CISA also added that it plans to update these goals every six to 12 months.
“As technologies evolve, the risks, TTPs and scope will naturally change. This, coupled with the evolution of Industrial Revolution 4.0, will morph the recommendations and outcomes as appropriate,” Edward Liebig, global director of cyber-ecosystem at Hexagon, told Infosecurity.
At the same time, the executive added that CISA’s plans to draft sector-specific goals with regulatory agencies may become challenging to maintain over time without close involvement with industry vertical operators.
“There should be a concerted effort to establish and encourage participation in industry-specific Information Sharing and Analysis Centers (ISAC), such as the Electricity Information Sharing and Analysis Center (E-ISAC), as collaboration among vendors will go further in solving the problems within OT security,” Liebig concluded.
The CISA report comes months after Cyble researchers discovered more than 8000 exposed Virtual Network Computing (VNC) instances that could lead to remote compromise attacks against critical infrastructure organizations.