Attacks and Vulnerabilities
Building Management Systems
CISA
Critical infrastructure
Industries
Management & Strategy
Manufacturing
Medical
Mining, Oil & Gas
News
Technology & Solutions
Transportation
Utilities: Energy & Power, Water, Waste

CISA highlights its ‘Critical Infrastructure Security and Resilience: Build it In’ theme for November

November 02, 2021
Security and Resilience

The Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that the month of November will be recognized as ‘Infrastructure Security Month 2021’ that will focus on the umbrella theme ‘Critical Infrastructure Security and Resilience: Build it In.’ This measure is meant to serve as an annual effort that works towards educating and engaging at all levels – the government, infrastructure owners and operators, and the American public about the vital role critical infrastructure play in the nation’s wellbeing, and why it is important to strengthen critical infrastructure security and resilience.

It also seeks to remind stakeholders of how important it is to consider infrastructure security and resilience right from the design concept through development and implementation. Throughout Infrastructure Security Month, CISA will highlight how infrastructure security has evolved in the nation, while also experiencing a significant shift in the threat landscape over the past several years. The annual effort focuses on the vital role critical infrastructure plays in the nation’s wellbeing and why it is important to strengthen critical infrastructure security and resilience.

This year, the cybersecurity agency has asked every stakeholder to remember that if the risk is shared, then the responsibility to reduce that risk is also shared. It has called for a reevaluation of preparedness plans on “securing public gatherings” and making sure that they are up to date with the latest techniques and tactics, in addition to considering ways of making resilience part of the design when upgrading or building new critical infrastructure.

The agency also seeks to help people understand and identify misinformation, disinformation, and conspiracies appearing online related to election security, COVID-19 pandemic, 5G, or other infrastructure-related issues.

Each week throughout November, CISA will highlight a different way to think about how it will build critical infrastructure security and resilience. In week 1 between Nov. 1-7, CISA will focus on ‘Interconnected and Interdependent Critical Infrastructure: Shared risk means building in shared responsibility,’ in week 2 between Nov. 8-14, it will highlight the ‘Plan for Soft Target Security: Build in security for mass gatherings starting with your planning,’ in week 3 between Nov. 15-21, it will call attention to ‘Build Resilience into Critical Infrastructure,’ and in week 4 between Nov. 22-30, it throws the spotlight on ‘Secure our Elections: Build resilience into our democratic processes.’

During Critical Infrastructure Security and Resilience Month, “we renew our commitment to securing and enhancing the resilience of our Nation’s critical infrastructure,” U.S. President Joe Biden said in ‘A Proclamation on Critical Infrastructure Security and Resilience Month, 2021.’ “Threats to the critical infrastructure that we all depend on, which underpins our economic and national security, are among the most significant and growing concerns for our Nation, including cyber threats, physical threats, and climate threats.”

“We must do everything we can to safeguard and strengthen the systems that protect us; provide energy to power our homes, schools, hospitals, businesses, and vehicles; maintain our ability to connect; and ensure that we have reliable access to safe drinking water,” President Biden added. “While our Nation has been resilient as we have navigated this pandemic, we must continue investing in our workforce to keep pace with the threats we face and ensure we are building back better.”

Throughout November, the Science and Technology Directorate (S&T) will also observe Infrastructure Security Month. The S&T is engaged in research projects through an interconnected network of partners across government, academia, research institutes, businesses, and other stakeholders to ensure that the critical infrastructure sectors, including energy, communications, and transportation systems, are able to provide security and resilience.

“Though this is an annual campaign to spotlight cooperative public- and private-sector efforts to safeguard the nation’s infrastructure, this year, in particular, the timing could not be more critical,” Kathryn Coulter Mitchell wrote in a post for the Science and Technology Directorate (S&T), which serves as the research and development arm of the Department of Homeland Security (DHS). “Between an ongoing global health crisis, supply chain disruptions, severe weather events and more, the time is now to turn research into action,” she added.

These developments come as the CISA has released a Request for Information (RFI) to assist the U.S. administration in conducting market research focused on gaining technical feedback from the industry on tools and services that would provide sophisticated endpoint detection and response (EDR) capabilities for U.S. government organizations. The RFI responses have to be submitted by Nov. 8. The CISA intends to galvanize agency security operations center (SOC) operations by getting as close to complete coverage as possible on the agency’s selected and validated EDR platforms through a ‘gap-fill’ strategy, the RFI said.

Before that, the Office of Management and Budget (OMB) provided federal agencies with a three-month deadline to detect and respond to increasingly sophisticated threat activity on their networks. Through a collective effort, the federal government will achieve improved agency capabilities for early detection, response, and remediation of cybersecurity incidents on their networks, provide agency enterprise-level visibility across components/bureaus/sub-agencies to better detect and understand threat activity, and enable government-wide visibility through a centrally located EDR initiative, implemented by the CISA.

Last month, the U.S. observed the ‘National Cybersecurity Awareness Month (NCSAM),’ as a reminder to various industrial and manufacturing stakeholders, including supply chain vendors, to pause and analyze their cybersecurity environment.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings