CISA RVWP Program to warn critical infrastructure entities of exposed vulnerabilities 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced Monday the establishment of the Ransomware Vulnerability Warning Pilot (RVWP) Program. The initiative will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities of those vulnerabilities, enabling mitigation before damaging intrusions occur.

Through the RVWP program, CISA will proactively identify information systems belonging to critical infrastructure entities that contain vulnerabilities commonly associated with ransomware intrusions. It will also notify the owners of the affected information systems, enabling them to mitigate the vulnerabilities before damaging intrusions occur. The agency leverages multiple open-source and internal tools to research and detect vulnerabilities within U.S. critical infrastructure.

The RVWP initiative was required to be set up by CISA under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which President Joe Biden signed into law last March. The federal legislation puts in place requirements for critical infrastructure entities to report cyber incidents and ransom payments to CISA.

CISA additionally leverages commercial tools to identify organizations that may be at heightened cybersecurity risk. As required by CIRCIA, CISA proactively identifies information systems that contain security vulnerabilities commonly associated with ransomware attacks. After discovery, CISA notifies owners of the vulnerable systems.

In case of a vulnerability, CISA Regional staff members, located throughout the country, make notifications by phone call or email, and may provide assistance and resources to mitigate the vulnerability, CISA said. “Notifications will contain key information regarding the vulnerable system, such as the manufacturer and model of the device, the IP address in use, how CISA detected the vulnerability, and guidance on how the vulnerability should be mitigated.” 

CISA added that receiving a notification through CISA RVWP is not indicative of a compromise. “However, it does indicate you are at risk and the information system requires immediate remediation.”

The RVWP Program will identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies, and authorities, including CISA’s free Cyber Hygiene Vulnerability Scanning service. As part of the RVWP Program, CISA leverages existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks. 

Through CISA’s Cyber Hygiene services, federal, state, local, tribal, and territorial governments, as well as public and private sector critical infrastructure organizations, get access to scanning and testing services that help them reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. The vulnerability scanning will evaluate external network presence by executing continuous scans of public, static IPv4s for accessible services and vulnerabilities, and will provide weekly vulnerability reports and ad-hoc alerts.

Once CISA identifies these affected systems, “our regional cybersecurity personnel notify system owners of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur,” according to the security agency.

“Organizations across all sectors and of all sizes are too frequently impacted by damaging ransomware incidents. Many of these incidents are perpetrated by ransomware threat actors using known vulnerabilities. By urgently fixing these vulnerabilities, organizations can significantly reduce their likelihood of experiencing a ransomware event,” CISA said.

The agency also highlighted that most organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network. Through the RVWP Program, which started on Jan. 30 this year, CISA is undertaking a new effort to warn critical infrastructure entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors.

CISA has taken numerous initiatives to improve cybersecurity across the critical infrastructure sector. In late October, it released voluntary, non-comprehensive cross-sector cybersecurity performance goals (CPGs) to help establish a standard set of fundamental cybersecurity practices for the critical infrastructure sector. These CPGs provide an approachable common set of IT and OT (operational technology) cybersecurity protections to improve cybersecurity across the nation’s critical infrastructure.

Earlier in September, CISA rolled out its initial comprehensive plan of action to focus on and guide the agency’s efforts over the next three years. The Strategic Plan communicates the agency’s mission and vision, promotes the unity of effort across the agency and partners, and defines success for CISA as an agency. It also describes the stakeholder, policy, and operational context ‘in which we must perform and present the strategic changes CISA will make to better execute our vital mission over the next three years.’
