CISA debuts cybersecurity shared services pilot to tackle critical infrastructure threats

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced Friday a pilot program designed to deliver cybersecurity shared services, on a voluntary basis, to the critical infrastructure entities most in need of support. The agency has acted as a managed service provider (MSP) to the federal civilian government for years and has observed significant risk reduction along with the benefits of cost savings and standardization.

“Leveraging a new authority provided by Congress, we are eager to extend our support and enterprise cybersecurity expertise with non-federal organizations that require additional assistance to effectively address cybersecurity risks,” Eric Goldstein, executive assistant director for cybersecurity at CISA, wrote in a blog post. “Scaling CISA-managed cybersecurity services for the segments of our critical infrastructure community that need it most is a cost-effective way to gain greater insight into our evolving threat environment, establish a common baseline of cyber protection, and, most importantly, reduce the frequency and impact of damaging cyber events.”

Through the pilot program, “we are identifying critical infrastructure entities interested in leveraging CISA-provided commercial shared services, stress-testing our service delivery mechanisms, and demonstrating our ability to acquire, deploy, and operate these cybersecurity services at scale,” Goldstein detailed. 

The Shared Cybersecurity Services portfolio of CISA-funded contracts provides federal civilian agencies, state fusion centers, and select information sharing and analysis centers with no-cost access to commercial cyber threat intelligence (CTI) and services. It allows users to access, research, and enrich CTI through a commercial enterprise license, and currently contracts with three commercial providers, LookingGlass, Infoblox, and Mandiant, to provide CTI and associated services.

In alignment with CISA’s ‘Target Rich, Resource Poor’ strategy, “our teams are working with critical infrastructure entities in the healthcare, water, and K-12 education sectors in our first phase of deployment. This year, we plan to deliver services to up to 100 entities,” the post added.

As part of the Cybersecurity Shared Services Pilot program, CISA is hosting roundtables and information sessions with critical infrastructure partners in every region and across all sectors, according to Goldstein. “We want to understand their unique needs and challenges, identify gaps in existing capabilities, assess interest in our shared services, and identify ways CISA can provide more scalable support through shared services or other means.”

Last month, CISA began deploying a Protective Domain Name System (DNS) Resolver to pilot participants, a service that until now had been available only to federal civilian agencies. It is a proven, cost-effective solution that uses U.S. government and commercial threat intelligence to prevent systems from connecting to known or suspected malicious domains.

Since 2022, CISA’s Protective DNS service has blocked nearly 700 million connection attempts from federal agencies to malicious domains across the globe and continues to reduce the most common cyber risks, such as ransomware, phishing, and malicious redirects, Goldstein said. “In short, CISA is broadening the use of our highly scalable Protective DNS service to ensure ‘Target Rich, Resource Poor’ critical infrastructure entities have access to some of the same cybersecurity protections, which have proven foundational to enterprise risk reduction across the federal government,” he added.

Additionally, Goldstein said that the insights obtained through these discussions and from the Protective DNS pilot will inform the agency’s effort to better serve the nation’s critical infrastructure organizations.

In recent years, cyber-attacks have intensified in both volume and impact, affecting the day-to-day operations of organizations across U.S. critical infrastructure sectors. When most Americans consider the cyber-physical impact of attacks on critical infrastructure, they may recall when a ransomware attack on Colonial Pipeline’s corporate network led to a disruption of fuel supplies to gas stations along the East Coast.

More recently, Goldstein pointed out that advanced hackers such as Volt Typhoon have demonstrated the intent and technical ability to disrupt the nation’s critical infrastructure. “These types of cyber attacks have the potential to disrupt critical functions on which we all depend, and in the worst cases, lead to the loss of human life,” he added.

CISA published in September a Security Planning Workbook to support critical infrastructure asset owners and operators in their security planning endeavors. This resource is accessible to all members of an organization, irrespective of their level of security proficiency, and is intended for those entrusted with ensuring the safety and security of both facilities and personnel. The primary objective of this workbook is to consolidate vital information that can serve as a valuable resource in the creation of a comprehensive security plan.

Last week, U.S. security agencies joined forces to release a comprehensive cybersecurity advisory regarding the emergence of Rhysida, a new ransomware-as-a-service (RaaS) group. The advisory provided valuable insights into the Rhysida ransomware, including Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through investigations conducted as recently as September.
