CISA Offering Free Cybersecurity Services to Non-Federal Critical Infrastructure Entities

The US cybersecurity agency CISA has announced a new pilot program to provide managed cybersecurity services to critical infrastructure entities that need support.

For years, the agency has been acting as a managed service provider to the federal civilian government, which has resulted in reduced risks and cost-savings, in addition to delivering standardization.

Now, CISA is expanding support and cybersecurity expertise to non-federal critical infrastructure organizations in need of assistance with reducing cybersecurity risks.

“Scaling CISA-managed cybersecurity services for the segments of our critical infrastructure community that need it most is a cost-effective way to gain greater insight into our evolving threat environment, establish a common baseline of cyber protection, and, most importantly, reduce the frequency and impact of damaging cyber events,” the agency notes.

In addition to offering CISA-provided commercial shared services to critical infrastructure entities, the pilot program will allow the agency to stress-test its service delivery mechanisms and prove it can deliver these cybersecurity services at scale.

During the first phase of the deployment, CISA is providing services to healthcare, water, and K-12 education entities, with the final goal to embark up to 100 organizations this year.

The agency is also hosting roundtables and information sessions with critical infrastructure partners to understand their needs, identify issues, assess interest in CISA services, and find ways to provide more scalable support.

According to CISA, evolving threats and their high impact on everyday life increase the need for collective cyber defense. In the agency’s vision, “the ability to provide cost-effective, highly scalable, and innovative solutions to critical infrastructure entities in need of assistance is vital to our national cyber mission.”

The services offered as part of the pilot program are free of charge. Interested entities are encouraged to contact security advisors at a CISA office in their region.

Related: CISA Gets Proactive With New Pre-Ransomware Alerts

Related: CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation

Related: CISA Introduces Secure-by-design and Secure-by-default Development Principles