Sunday , October 6 2024
Critical Infrastructure

A Plan to Protect Critical Infrastructure from 21st Century Threats

On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience to update national policy on protecting and securing critical infrastructure from cyber and all-hazard threats. The memorandum recognizes the changed risk landscape and aims to collaborate with partners to identify and reduce sector, cross-sector, and nationally significant risks. It will also create the 2025 National Infrastructure Risk Management Plan (National Plan) to guide federal efforts in the coming years.

As the National Coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) will create a forward-looking National Plan. It will use all available federal tools, resources, and authorities to manage and decrease risks at the national level, including risks that affect multiple critical infrastructure sectors. CISA will seek assistance from its partners and other Sector Risk Management Agencies (SRMAs) throughout the year while developing this important document.

First Half Of 2024 Report
Bangladeshi 32.4% government websites face cyber attack: NAS report

National Attack Surface (NAS) report for the first half of 2024 reveals that 56.6% of cyberattacks in Bangladesh targeted educational...
Read More
First Half Of 2024 Report  Bangladeshi 32.4% government websites face cyber attack: NAS report

Prince Ransomware Hits UK and US

A new ransomware campaign is targeting individuals and organizations in the UK and US. The "Prince Ransomware" attack uses a...
Read More
Prince Ransomware Hits UK and US

CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM)....
Read More
CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns

A summary of “2024 State of Cybersecurity survey” by ISACA

ISACA 2024 survey report reveals that 66% of cybersecurity professionals find their jobs more stressful now than five years ago....
Read More
A summary of “2024 State of Cybersecurity survey” by ISACA

ISACA reveals
64% of Australian cybersecurity professionals feel increasing stress

A recent study by ISACA shows that almost two-thirds of cybersecurity professionals report increasing job stress. The 2024 State of...
Read More
ISACA reveals  64% of Australian cybersecurity professionals feel increasing stress

Researchers detected 31 new Malware in September

In September, cybersecurity experts discovered 31 new ransomware variants that threaten individuals and businesses. These programs encrypt valuable data, making...
Read More
Researchers detected 31 new Malware in September

CRI Release New Ransomware Response Guidance

New guidance on ransomware, released during this week's International Counter Ransomware Initiative (CRI) meeting, encourages victims to report attacks to...
Read More
CRI Release New Ransomware Response Guidance

ALERT
Over 700,000 Routers Vulnerable to Hack for 14 security flaws

Over 14 new security flaws have been found in DrayTek routers for homes and businesses, which could allow attackers to...
Read More
ALERT  Over 700,000 Routers Vulnerable to Hack for 14 security flaws

Patch it now!
Critical Zimbra RCE flaw exploited: Needs Immediate Patching

Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted...
Read More
Patch it now!  Critical Zimbra RCE flaw exploited: Needs Immediate Patching

CISA Warns
Network switch RCE flaw impacts critical infrastructure

CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code...
Read More
CISA Warns  Network switch RCE flaw impacts critical infrastructure

The National Plan Must Account for the Evolution of Threats, Vulnerabilities, and Consequences

The 2025 National Plan will outline how the U.S. government will work together with partners to identify and handle national risks. This plan is a continuation of the 2013 National Plan, which emphasized the importance of risk management in enhancing the security of critical infrastructure. However, there is a need for evolution in light of the increasing vulnerabilities and threats that could have widespread consequences. Fortunately, in the past decade, Congress and successive administrations have established new agencies, authorities, and partnerships that enable a comprehensive approach to national risk management. The primary responsibility for implementing this approach through the National Plan falls on CISA, as the National Coordinator.

The National Plan will be Informed by a New Risk Management Cycle

The NSM-22 introduces a new risk management cycle for SRMAs. They will identify, assess, and prioritize risks in their sectors and create risk management plans. CISA will use these plans to identify and prioritize risks at a systemic, cross-sector, and national level. This will help them focus on reducing risk in collaboration with federal, state, local, private, and international partners. The National Plan will acknowledge that it is not possible to protect all critical infrastructure from every threat. Instead, it will outline efforts to make critical infrastructure resilient against the highest-priority risks identified in sector and cross-sector assessments. CISA and other federal partners will also work closely with SRMAs to manage risks specific to their sectors.

We Need You for Us to be Successful:

The U.S. government is developing a new approach to manage risks in critical infrastructure due to technological advancements and global volatility. This includes systems such as energy grids, water systems, transportation networks, healthcare facilities, and communication systems, essential for public safety, economic stability, and national security. With increased interconnectivity, reliance on global technologies and supply chains, and geopolitical tensions, these systems are vulnerable to various threats. Managing these risks will need a national effort involving federal agencies, state, local, tribal, territorial governments, infrastructure owners and operators, and other stakeholders.

We are responsible for keeping the U.S. critical infrastructure secure and resilient. We need to be prepared for new risks and an uncertain future while also keeping an eye out for long-standing threats like terrorism, natural disasters, and targeted violence. Building strong partnerships between the federal government, private-sector, and SLTT partners is crucial for protecting the nation’s critical infrastructure.

In order for the 2025 National Plan to achieve success, it is essential that our partners actively collaborate with us to shape its development and eventual execution. We kindly request your support in working closely with your respective SRMAs throughout the process of creating your sector risk assessments and sector risk management plans. These crucial contributions will serve as the bedrock for the National Plan.

We also invite you to reach out to us at [email protected] to share any innovative ideas or suggestions you may have. Your inputs will truly be invaluable as we strive to formulate a comprehensive plan that enables the U.S. government to effectively prioritize our risk mitigation endeavors and enhance the resilience of the critical infrastructure that lies at the heart of American society. Together, we can create a safer and more secure future for all.

Check Also

photo

Meta fined $101 million for storing passwords in plaintext

Meta was fined over $100 million by the EU privacy regulator on Friday due to …

Leave a Reply

Your email address will not be published. Required fields are marked *