In a proactive effort to fortify cybersecurity defenses, the Cybersecurity and Infrastructure Security Agency (CISA) has launched a groundbreaking experimental program, extending "cutting-edge cybersecurity shared services" to critical infrastructure entities. This initiative, initially focusing on healthcare, water, and K-12 education sectors, aims to provide essential support in the face of escalating cyber threats and ransomware incidents.
Introduction of the Experimental Program:
CISA, in a recent declaration, introduced a voluntary trial-run program designed to offer state-of-the-art cybersecurity shared services. Focusing on critical infrastructure sectors like healthcare, water, and K-12 education, the program aims to address the ongoing surge of cyberattacks and ransomware incidents.
CISA's History and Expertise:
Eric Goldstein, the Chief Assistant Director for Cybersecurity at CISA, highlighted the agency's success as a managed service provider for the federal civilian government. Drawing on years of experience, CISA aims to extend its expertise to non-governmental entities, utilizing a new authority granted by Congress.
Phase One Focus and Expansion Plans:
The initial phase of the Cybersecurity Shared Services Trial Program will concentrate on up to 100 entities within healthcare, water, and K-12 education. CISA plans to conduct roundtables and information sessions to identify the specific needs of organizations in each sector before expanding the program beyond these initial areas.
Addressing Cyber Threats in Critical Infrastructure:
Goldstein emphasized the urgency of providing effective cybersecurity services to critical infrastructure entities, citing recent incidents such as the ransomware attack on Pioneer Pipeline and nation-state activities by groups like Volt Storm. The goal is to enhance understanding of evolving threats, establish a common cybersecurity benchmark, and reduce the frequency and impact of damaging cyber events.
Cost-Effective and Innovative Solutions:
Positioned as America's Cyber Defense Agency, CISA emphasizes the cost-effectiveness of providing scalable and innovative cybersecurity solutions to entities in need. The organization sees this initiative as crucial to its national cybersecurity mission.
CISA's Previous Initiatives:
As an example of CISA's commitment to supporting organizations beyond the federal government, Goldstein mentioned the Defensive Domain Name System (DNS) Resolver program. This program, launched last month, utilizes government and commercial threat intelligence to block systems from connecting to known or suspected malicious domains, preventing nearly 700 million connection attempts worldwide.
Guidance for Interested Organizations:
Organizations interested in participating in the program are encouraged to reach out to regional CISA offices for more information on how they can benefit from CISA's cybersecurity expertise.
Conclusion:
CISA's Cybersecurity Shared Services Experimental Program marks a significant step towards enhancing the resilience of critical infrastructure against cyber threats. By extending its expertise to non-governmental entities, CISA aims to foster collaboration, set cybersecurity standards, and reduce the impact of cyber incidents on essential services.
Cyber Security is not a Joke.... Don't Let Anyone Hurt You!
Sourse: cisa.gov | Eric Goldstein, Executive Assistant Director for Cybersecurity