Most common types of cyber-attacks:
1. Assets as targets
2. Service Disruption
3. Attacks on Users
As we continue to develop our understanding of cybersecurity and its impact on Critical Infrastructure security, we must heed the advice and guidance of risk management experts in the field. At our recent safety and physical security networking conference, EMERGE '22 San Antonio, Cybersecurity State Coordinator Mr. Ernesto Ballesteros gave an informative presentation on critical infrastructure security, the cybersecurity of physical security, and the innovative tools used to protect our nation's critical infrastructure today. Mr. Ballesteros shared insights on the work of the Cybersecurity and Infrastructure Security Agency (CISA), Critical Infrastructure Sectors, no-cost cyber resources and assessments, and today's risk landscape. He also outlined actions that can be taken to improve cyber-resilience in the near term.
The Cybersecurity and Infrastructure Security Agency (CISA) is a United States federal government entity within the Department of Homeland Security, responsible for protecting our nation's critical infrastructure from cyber threats. Along with aiding the Department of Homeland Security with federal security and risk management, CISA works with various government agencies and the public and private sectors to improve cyber resilience. The agency also provides valuable resources and guidance to businesses and individuals to help them improve their cybersecurity posture and better protect their assets and stakeholders.
CISA has identified the following industrial critical infrastructure sectors as vital to the functioning of the United States economy.
Since these 16 critical infrastructure sectors are most vulnerable to cyber-attacks, CISA has developed specific strategies to protect them against external threats.
The risk of cyber-attacks in both the public and private sectors is constantly evolving, requiring protection and attention at all times. For example, the Russian invasion of Ukraine could have a debilitating impact on organizations within and beyond the region, including malicious cyber activity against the US homeland. Therefore, cybersecurity should be a top priority for all organizations, large and small, whether you are a government entity or a privately owned business. CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks on our nation and its stakeholders. In addition, when cyber incidents are reported quickly, CISA can use this information to render assistance and warn other organizations and entities so that they do not fall victim to a similar attack.
The Department of Homeland Security, through its Cybersecurity and Infrastructure Security Agency (CISA), has identified fundamental principles of information security that critical infrastructure organizations and the private sector should follow to protect themselves from cyber-attacks. These principles include:
1. Assets as targets
2. Service Disruption
3. Attacks on Users
Cybersecurity and physical security are critical for all organizations, regardless of size. Therefore, CISA recommends all organizations take steps to protect their critical infrastructure and critical systems, including reducing the likelihood of a damaging cyber intrusion, quickly detecting a potential intrusion, being prepared to respond if an intrusion occurs, and maximizing the organization's resilience against a catastrophic cyber incident.
You can minimize your attack surface by implementing multi-factor authentication for all accounts, enforcing strong password policies, and stopping bad practices such as using end-of-life software, default accounts, and single-factor authentication.
It is also essential to keep your software up-to-date. Cybercriminals are constantly finding new ways to exploit vulnerabilities, so it is crucial to patch known vulnerabilities as soon as possible. In addition, CISA recommends that organizations prioritize the known exploitable vulnerabilities identified by CISA and harden systems by removing unnecessary accounts, ports, services, and software from machines.
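One way to put that prioritization into practice, as an added example that is not part of the original article: cross-reference scanner findings against a feed shaped like CISA's Known Exploited Vulnerabilities catalog JSON and order the patch queue by the catalog's due date. The findings tuple format, host names, CVE IDs and dates are constructed placeholders.

```python
from datetime import date

# Constructed feed using the field names of CISA's KEV catalog JSON.
# CVE IDs and dates are placeholders, not real catalog entries.
KEV_FEED = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dueDate": "2024-03-01",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "dueDate": "2024-04-15",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0003", "dueDate": "2024-03-01",
     "knownRansomwareCampaignUse": "Unknown"},
]}

# Constructed scanner findings: (host, CVE, internet_facing). Hypothetical format.
FINDINGS = [
    ("web01", "CVE-0000-0002", True),
    ("db01", "CVE-0000-0001", False),
    ("web01", "CVE-0000-0003", True),
    ("hr-laptop", "CVE-0000-0009", False),  # not in the catalog
    ("db01", "CVE-0000-0003", False),
]

def prioritize(findings, kev_feed, today):
    """Split findings into a KEV-first patch queue and a normal-cycle backlog."""
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    queue, backlog = [], []
    for host, cve, exposed in findings:
        entry = kev.get(cve)
        if entry is None:
            backlog.append((host, cve))  # still needs patching, just not first
            continue
        due = date.fromisoformat(entry["dueDate"])
        queue.append({"host": host, "cve": cve, "due": due,
                      "overdue": due < today, "exposed": exposed,
                      "ransomware": entry["knownRansomwareCampaignUse"] == "Known"})
    # Earliest due date first, then ransomware-linked, then internet-facing.
    queue.sort(key=lambda f: (f["due"], not f["ransomware"],
                              not f["exposed"], f["host"]))
    return queue, backlog
```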
Adopt CISA Cybersecurity Best Practices. CISA has released guidance for securing cloud services. Cloud service providers offer a wide range of services and often hold large amounts of sensitive data.
Perform regular internal vulnerability scans, run antivirus software throughout your network, enable strong spam filters to prevent phishing emails from reaching end users, and train end users to identify, respond to, and report phishing attacks.
Monitoring network traffic can help identify malicious activity and threats and reduce the time it takes to detect and respond to cybersecurity incidents. Therefore, CISA recommends that organizations review their logs regularly, establish baselines of day-to-day operations, and develop procedures for responding to unusual or unexpected behavior.
CISA recommends that organizations regularly test their incident response plans through tabletop exercises. Cyber incidents can escalate quickly and have far-reaching consequences. A well-crafted incident response plan can help an organization minimize the damage caused by a cybersecurity incident and resume operations more quickly.
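A minimal illustration of the baseline-then-review approach described above, as an added example that is not part of the original article: it learns each account's usual login hours and source addresses from past logs, then flags entries that fall outside them. The log format, account names and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed log lines (timestamp, account, source address); not real data.
BASELINE_LOG = """\
2024-05-01T08:58:10 user=alice src=10.0.0.5
2024-05-02T09:03:31 user=alice src=10.0.0.5
2024-05-02T17:45:02 user=alice src=10.0.0.6
2024-05-01T02:00:00 user=svc-backup src=10.0.1.20
2024-05-02T02:00:01 user=svc-backup src=10.0.1.20
"""
REVIEW_LOG = """\
2024-05-03T09:10:12 user=alice src=10.0.0.5
2024-05-03T03:14:55 user=alice src=10.0.0.5
2024-05-03T02:00:00 user=svc-backup src=10.0.9.77
2024-05-03T11:00:00 user=bob src=10.0.0.8
this line is malformed
"""
LINE = re.compile(r"\d{4}-\d\d-\d\dT(\d\d):\d\d:\d\d user=(\S+) src=(\S+)$")

def parse(text):
    # Yield (hour, user, src); lines that do not match the format are skipped.
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)

def build_baseline(text):
    # Record the hours and sources seen per account during normal operations.
    base = defaultdict(lambda: {"hours": set(), "srcs": set()})
    for hour, user, src in parse(text):
        base[user]["hours"].add(hour)
        base[user]["srcs"].add(src)
    return dict(base)

def review(text, base):
    # Return (account, reason) for every entry that departs from the baseline.
    alerts = []
    for hour, user, src in parse(text):
        prof = base.get(user)
        if prof is None:
            alerts.append((user, "account not in baseline"))
            continue
        lo, hi = min(prof["hours"]), max(prof["hours"])
        if not lo <= hour <= hi:
            alerts.append((user, f"login at {hour:02d}h outside {lo:02d}-{hi:02d}h"))
        if src not in prof["srcs"]:
            alerts.append((user, f"new source {src}"))
    return alerts
```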
Backups are a critical part of operational resilience and cyber safety. CISA recommends that organizations test their backup procedures regularly to ensure that data can be rapidly restored in case of ransomware or destructive cyberattack. In addition, backups should be stored offline and isolated from network connections to prevent them from being encrypted or deleted by attackers.
CISA also recommends that organizations that use industrial control systems or operational technology conduct tests of manual controls to ensure that critical functions remain operable if the organization's network is unavailable or untrusted.
The Cybersecurity and Infrastructure Security Agency (CISA) offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other critical elements of a robust and resilient cyber framework. These professional, no-cost assessments are provided on a voluntary basis upon request and can help any organization manage risk and strengthening.
By following CISA's tips and recommendations, organizations can better protect themselves against cyberattacks and ensure that their critical functions and critical infrastructure remain operable in case of an incident.