Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

CISA Sets Voluntary Cyber Performance Targets for Critical Infrastructure

A new set of documents and resources from the agency is designed to help critical infrastructure operators manage the basics of cybersecurity.

The Cybersecurity and Infrastructure Security Agency wants private sector critical infrastructure providers to meet basic cybersecurity hygiene guidelines in their operations. A set of voluntary cybersecurity performance goals released by the agency on Thursday sets out targets for identity, device and network security as well as guidelines for operational technology systems, incident response, cyber training, governance and secure acquisition.

The documents are intended as “a set of baseline cybersecurity goals” across all critical infrastructure sectors meant to address “medium-to-high impact cybersecurity risks,” CISA Director Jen Easterly said in a statement on Thursday. 

The voluntary goals aren’t meant to be fully comprehensive but they are designed to “capture a core set of cybersecurity practices with known risk-reduction value broadly applicable across sectors.” These practices range from basics like multi-factor authentication and password strength to areas more specifically applicable to critical infrastructure, such as the need to keep operational technology assets off the public internet whenever possible. 

CISA also recommends that every critical infrastructure provider across all sectors have a single leader who is “responsible and accountable for cybersecurity” within their organization. The agency said it plans to work with critical infrastructure partners to continue developing sector-specific goals in the coming months.

The package released by CISA also includes a checklist to help cybersecurity workers track their progress in meeting the targets and a spreadsheet that drills into the specific supporting documentation from the National Institute of Standards and Technology and other sources as well as public-facing resources from CISA on known exploits, incident reporting and more.

“CISA took extensive input and feedback from industry stakeholders and this updated guidance reflects that they were listening closely, providing actionable but not overly prescriptive guidance – exactly the type of support the community has been requesting,” said Robert M. Lee, CEO and co-founder of cybersecurity vendor Dragos. “This guidance can help lift industrial cybersecurity standards across the board to better protect our nation’s critical infrastructure.”

The goals are an outgrowth of a 2021 presidential national security memorandum  requiring DHS to establish sector-specific performance goals for critical infrastructure. The agency also launched a discussion page alongside the new goals to solicit feedback and input on future recommendations for sector-specific critical infrastructure recommendations.

Homeland Security Secretary Alejandro Mayorkas said in a statement that the new goals “will help organizations decide how to leverage their cybersecurity investments with confidence that the measures they take will make a material impact on protecting their business and safeguarding our country.”

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.nextgov.com/cybersecurity/2022/10/cisa-sets-voluntary-cyber-performance-targets-critical-infrastructure/378994/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Cyber Security

The nation’s cyber defense agency is building onto White House efforts to secure schools’ systems nationwide with the help of major education software companies....

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO