InfoSecBulletin Cybersecurity for mankind
The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance global cooperation in addressing cyber threats to critical infrastructure.
The plan recognizes that cyber risks are complex and spread across different regions, highlighting the importance of quickly sharing threat information and risk reduction advice with international partners.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
CISA Director Jen Easterly commented: “In following this plan, CISA will improve coordination with our partners and strengthen international relationships to reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day.” This plan builds on CISA’s first Strategic Plan from August 2023.
CISA International Strategic Plan Goals:
The new plan sets out three goals for CISA to achieve over the 2025-2026 period. These are:
Goal 1: Bolster the Resilience of Foreign Infrastructure on which the US Depends:
CISA will work with interagency and international partners to identify and understand which international systems and assets are truly critical to the nation’s critical infrastructure and assess how they are vulnerable to create strategies to manage shared risks.
It will enhance awareness of international threats and risks by improving communication with external partners about incident reporting and threat information.
CISA will collaborate with partners to develop global regulations and guidelines that enhance the cyber resilience of critical infrastructure, including emerging technology, chemical security, emergency communications, and school safety.
Goal 2: Strengthen Integrated Cyber Defense:
CISA will collaborate with partners, global groups, and NGOs to promote effective cybersecurity practices and standards for better cyber safety and security.
This involves promoting responsible state behavior in cyberspace and encouraging partners to adopt secure design principles.
The agency seeks to strengthen its network of trusted partners through CSIRT engagements. These partnerships will facilitate the sharing of useful information, including product updates, vulnerability alerts, victim notifications, and tactics.
Goal 3: Unify Agency Coordination of International Activities:
The CISA Stakeholder Engagement Division (SED) will create a team to guide international activities and clearly define the agency’s international priorities.
To achieve this goal, CISA needs to enhance systematic information sharing for better situational awareness of current and future international activities.
CISA will work on enhancing its workforce’s skills to better impact the international system. This involves training for employees deploying abroad and offering guidance on international etiquette for all travelers.
