The Cybersecurity and Infrastructure Security Agency (CISA), which operates as a wing of the Department of Homeland Security (DHS) and as the nation’s cyber central, has designated November as Infrastructure Security Month.The month’s emphasis is on infrastructure security, specifically to raise awareness of its importance to national security and to help share CISA’s resources with critical infrastructure owners and operators. This year’s theme is Infrastructure Security is National Security: Drive Down Risk, Build Resilience.Critical infrastructure spans everything from healthcare, water and education to chemicals, transportation and energy systems. It includes physical threats originating in the U.S., as well as cyber threats launched from adversaries seeking to disrupt or destroy the essential services that the nation relies on for health and economic and national security.Cyber attackers are increasingly targeting critical infrastructure facilities, including attacks on energy, water, oil and gas, transportation and others in the 16-unit sector.CISA said it had worked with “hundreds of public and private sector partners and analyzed years of data” to identify the key challenges that leave our nation at unacceptable risk. Measurable goals such as cost, complexity and impact were factored into setting the goals, which were designed to apply to organizations of all sizes, the agency said.
CISA Offers Cybersecurity Awareness, Resources
Throughout November, CISA said it will seek to increase awareness of infrastructure security with interviews and blogs featuring CISA staff and external industry partners, as well as other activities.CISA has set up a dedicated website for Infrastructure Security Month for more information and resources, including tools and tips that owners and operators can use to help identify and reduce risk to infrastructure facilities, their internet and operational technology systems, employees, visitors and more.CISA Director Jen Easterly explained the intent behind Infrastructure Security Month:“As the National Coordinator for critical infrastructure security and resilience, CISA is laser focused on the broad and complex landscape of threats to this infrastructure, and because much of it is owned or operated by the private sector, our collaborative partnerships with private industry are foundational to our ability to help defend the nation. It takes all of us, working together, to drive down risk and build resilience.”
Addressing The Challenges Ahead
Infrastructure Security Month comes on the heels of a new set of the “highest priority” baseline security measures for infrastructure owners and operators to enact to protect themselves against cyber threats. With cyberattacks raising the stakes by zeroing in on infrastructure facilities, DHS and CISA, through which the performance goals were issued, have made clear not only their concern over potential assaults on the sector but also the defensive challenges owners and operators face.The Cross-Sector Cybersecurity Performance Goals cover:- Account Security
- Device Security
- Data Security
- Governance and Training
- Vulnerability Management
- Supply Chain/Third Party
- Response and Recovery
