InfoSecBulletin Cybersecurity for mankind
The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance global cooperation in addressing cyber threats to critical infrastructure.
The plan recognizes that cyber risks are complex and spread across different regions, highlighting the importance of quickly sharing threat information and risk reduction advice with international partners.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
CISA Director Jen Easterly commented: “In following this plan, CISA will improve coordination with our partners and strengthen international relationships to reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day.” This plan builds on CISA’s first Strategic Plan from August 2023.
CISA International Strategic Plan Goals:
The new plan sets out three goals for CISA to achieve over the 2025-2026 period. These are:
Goal 1: Bolster the Resilience of Foreign Infrastructure on which the US Depends:
CISA will work with interagency and international partners to identify and understand which international systems and assets are truly critical to the nation’s critical infrastructure and assess how they are vulnerable to create strategies to manage shared risks.
It will enhance awareness of international threats and risks by improving communication with external partners about incident reporting and threat information.
CISA will collaborate with partners to develop global regulations and guidelines that enhance the cyber resilience of critical infrastructure, including emerging technology, chemical security, emergency communications, and school safety.
Goal 2: Strengthen Integrated Cyber Defense:
CISA will collaborate with partners, global groups, and NGOs to promote effective cybersecurity practices and standards for better cyber safety and security.
This involves promoting responsible state behavior in cyberspace and encouraging partners to adopt secure design principles.
The agency seeks to strengthen its network of trusted partners through CSIRT engagements. These partnerships will facilitate the sharing of useful information, including product updates, vulnerability alerts, victim notifications, and tactics.
Goal 3: Unify Agency Coordination of International Activities:
The CISA Stakeholder Engagement Division (SED) will create a team to guide international activities and clearly define the agency’s international priorities.
To achieve this goal, CISA needs to enhance systematic information sharing for better situational awareness of current and future international activities.
CISA will work on enhancing its workforce’s skills to better impact the international system. This involves training for employees deploying abroad and offering guidance on international etiquette for all travelers.
