CISA Security Playbooks Get SMBs, Government Agencies Cyber Ready


The Homeland Security Department’s cyber wing has released the first in a series of six Cyber Essentials Toolkits it has positioned as a “starting point” for small businesses and government agencies to understand and address cybersecurity risks.

Last November, the Cybersecurity and Infrastructure Security Agency (CISA) released Cyber Essentials, which detailed six “Essential Elements” of a “Culture of Cyber Readiness.” The new toolkit is a follow-on to that release. The first resource covers the first “Essential Element: Yourself, The Leader,” drilling down on the role of leadership in forging a culture of cyber readiness in an organization, with an emphasis on strategy and investment. Additional toolkits to follow will correspond to the other “Essential Elements”: Your Staff, Your Systems, Your Surroundings, Your Data and Your Actions Under Stress.

“We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit,” said CISA director Christopher Krebs. “We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.” Government agencies and the private sector collaborated on the Cyber Essentials Toolkit.

Each of the six Cyber Essentials includes a list of actionable items to reduce cyber risks:

  • Drive cybersecurity strategy, investment, and culture.
  • Develop heightened level of security awareness and vigilance.
  • Protect critical assets and applications.
  • Ensure only those who belong on your digital workplace have access.
  • Make backups and avoid loss of info critical to operations.
  • Limit damage and restore normal operations quickly.

On another, perhaps more foreboding note, Krebs, in a podcast interview, said that he expects “every intelligence service to be in the mix” to target and steal COVID-19 research and data. “The Chinese have been more brazen in their approach but others are in the game too. It’s a very active space,” he said.

In mid-May, DHS and the Federal Bureau of Investigation (FBI) accused China of conducting an espionage campaign to steal intellectual property from U.S. researchers involved in coronavirus (COVID-19) vaccine development. In an advisory, U.S. authorities claimed Chinese state-backed hackers are seeking “valuable intellectual property and public health data through illicit means related to vaccines, treatments and testing.”

Organizations involved in COVID-19-related research are especially attractive targets for APT actors. Krebs said he’s most concerned with ransomware’s potential to disrupt and destroy network infrastructure, particularly with smaller organizations not well equipped to defend against sophisticated attacks. “When you roll up all the different threat actors, both state and non-state actors, you get both the intelligence, the espionage piece, but you also get the destructive attacks,” he said. “If you can address some of the key ransomware vectors you can actually close out a lot of the threats from some of those state actors,” Krebs said. “We really put a lot of emphasis on ransomware in a number of different sectors.”

As for the upcoming presidential election, Krebs said DHS and CISA were seeing “just normal automated scanning bad guys trying to do bad things.” In terms of coordinated or orchestrated activities, “we haven’t really seen something at scale,” Krebs said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.