Saturday , June 15 2024
Critical Infrastructure

A Plan to Protect Critical Infrastructure from 21st Century Threats

On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience to update national policy on protecting and securing critical infrastructure from cyber and all-hazard threats. The memorandum recognizes the changed risk landscape and aims to collaborate with partners to identify and reduce sector, cross-sector, and nationally significant risks. It will also create the 2025 National Infrastructure Risk Management Plan (National Plan) to guide federal efforts in the coming years.

As the National Coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) will create a forward-looking National Plan. It will use all available federal tools, resources, and authorities to manage and decrease risks at the national level, including risks that affect multiple critical infrastructure sectors. CISA will seek assistance from its partners and other Sector Risk Management Agencies (SRMAs) throughout the year while developing this important document.

ASUS warn serious security vulnerability on 7 routers

ASUS released a new firmware update to fix a vulnerability affecting seven router models, which could be exploited by remote...
Read More
ASUS warn serious security vulnerability on 7 routers

AWS Announced New Malware Detection Tool For S3 Buckets

AWS announced new security features at its re:Inforce conference, such as identity and malware protection services. The cloud giant added...
Read More
AWS Announced New Malware Detection Tool For S3 Buckets

150,000 phones registered under one IMEI number in Bangladesh

A smartphone's IMEI (which stands for International Mobile Equipment Identity) is a unique identifier for each device, similar to a...
Read More
150,000 phones registered under one IMEI number in Bangladesh

CISA Releases Twenty Industrial Control Systems Advisories

CISA released 20 advisories about Industrial Control Systems (ICS) on June 13, 2024. These advisories give important information about security...
Read More
CISA Releases Twenty Industrial Control Systems Advisories

Current web vulnerabilities in Bangladesh across vendor product line

On a report titled "Surge on Web defacement and web application related vulnerabilities targeting Bangladesh" BGD e-GOV CIRT said, web...
Read More
Current web vulnerabilities in Bangladesh across vendor product line

Criminals impersonating CISA’s employees in phone calls

CISA warned that criminals are pretending to be its employees in phone calls in order to trick people into sending...
Read More
Criminals impersonating CISA’s employees in phone calls

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA added 2 new vulnerabilities to its catalog of known exploited vulnerabilities, because they have proof that these vulnerabilities are...
Read More
CISA Adds Two Known Exploited Vulnerabilities to Catalog

Microsoft Tuesday fixes 51 flaws, 18 RCEs June 2024 Patch

Microsoft has released updates for 49 security vulnerabilities in its Patch Tuesday update for June. One of the fixes addresses...
Read More
Microsoft Tuesday fixes 51 flaws, 18 RCEs June 2024 Patch

Hackers breached 20,000 FortiGate systems worldwide: MIVD

The Dutch military security service MIVD recently revealed that a cyber espionage campaign, which was initially mentioned in February, managed...
Read More
Hackers breached 20,000 FortiGate systems worldwide: MIVD

Riskiest Connected Devices in 2024: Forescout Report

By 2028, there will be over 25 billion Internet of Things (IoT) devices. Attackers are increasingly targeting various devices, operating systems,...
Read More
Riskiest Connected Devices in 2024: Forescout Report

The National Plan Must Account for the Evolution of Threats, Vulnerabilities, and Consequences

The 2025 National Plan will outline how the U.S. government will work together with partners to identify and handle national risks. This plan is a continuation of the 2013 National Plan, which emphasized the importance of risk management in enhancing the security of critical infrastructure. However, there is a need for evolution in light of the increasing vulnerabilities and threats that could have widespread consequences. Fortunately, in the past decade, Congress and successive administrations have established new agencies, authorities, and partnerships that enable a comprehensive approach to national risk management. The primary responsibility for implementing this approach through the National Plan falls on CISA, as the National Coordinator.

The National Plan will be Informed by a New Risk Management Cycle

The NSM-22 introduces a new risk management cycle for SRMAs. They will identify, assess, and prioritize risks in their sectors and create risk management plans. CISA will use these plans to identify and prioritize risks at a systemic, cross-sector, and national level. This will help them focus on reducing risk in collaboration with federal, state, local, private, and international partners. The National Plan will acknowledge that it is not possible to protect all critical infrastructure from every threat. Instead, it will outline efforts to make critical infrastructure resilient against the highest-priority risks identified in sector and cross-sector assessments. CISA and other federal partners will also work closely with SRMAs to manage risks specific to their sectors.

We Need You for Us to be Successful:

The U.S. government is developing a new approach to manage risks in critical infrastructure due to technological advancements and global volatility. This includes systems such as energy grids, water systems, transportation networks, healthcare facilities, and communication systems, essential for public safety, economic stability, and national security. With increased interconnectivity, reliance on global technologies and supply chains, and geopolitical tensions, these systems are vulnerable to various threats. Managing these risks will need a national effort involving federal agencies, state, local, tribal, territorial governments, infrastructure owners and operators, and other stakeholders.

We are responsible for keeping the U.S. critical infrastructure secure and resilient. We need to be prepared for new risks and an uncertain future while also keeping an eye out for long-standing threats like terrorism, natural disasters, and targeted violence. Building strong partnerships between the federal government, private-sector, and SLTT partners is crucial for protecting the nation’s critical infrastructure.

In order for the 2025 National Plan to achieve success, it is essential that our partners actively collaborate with us to shape its development and eventual execution. We kindly request your support in working closely with your respective SRMAs throughout the process of creating your sector risk assessments and sector risk management plans. These crucial contributions will serve as the bedrock for the National Plan.

We also invite you to reach out to us at [email protected] to share any innovative ideas or suggestions you may have. Your inputs will truly be invaluable as we strive to formulate a comprehensive plan that enables the U.S. government to effectively prioritize our risk mitigation endeavors and enhance the resilience of the critical infrastructure that lies at the heart of American society. Together, we can create a safer and more secure future for all.

Check Also

Singapore-Based Absolute Telecom Allegedly Hit by Cyberattack

GhostR hacker claimed to hack Absolute Telecom PTE Ltd, a Singapore-based telecom company and stole …

Leave a Reply

Your email address will not be published. Required fields are marked *