Security Experts:

Connect with us

Hi, what are you looking for?



CISA Calls for Improved Critical Infrastructure Security

The United States Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday called on critical infrastructure owners and operators to improve their security stance against malicious cyberattacks.

The United States Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday called on critical infrastructure owners and operators to improve their security stance against malicious cyberattacks.

The agency urges executives and senior leaders to take steps to ensure that their organizations are prepared to respond to incidents through the implementation of cybersecurity best practices.

“Sophisticated threat actors, including nation-states and their proxies, have demonstrated capabilities to compromise networks and develop long-term persistence mechanisms. These actors have also demonstrated capability to leverage this access for targeted operations against critical infrastructure with potential to disrupt National Critical Functions,” CISA notes.

To improve their defenses, critical infrastructure organizations are advised to eliminate gaps in IT/OT security personnel coverage, and to prepare for rapid response through heightened awareness and well implemented incident response procedures.

Furthermore, organizations are advised to train their personnel on the steps to take during and after a cyberattack, to implement two-factor authentication and make sure systems and applications are kept updated, and to set a low threshold for threat and information sharing.

For entities with OT or industrial control systems (ICS) assets, CISA also recommends identifying critical processes and securing them, developing workarounds and manual controls to isolate critical processes if needed, and ensuring that backup procedures are implemented.

At the same time, CISA encourages organizations to implement their cyber incident response plan as soon as an attack is detected, and to immediately report the assault to CISA.

Related: CISA Expands ‘Must-Patch’ List With Log4j, FortiOS, Other Vulnerabilities

Related: CISA Releases Guidance on Securing Enterprise Mobile Devices

Related: CISA Releases Incident and Vulnerability Response Playbooks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.