CISA Shares Best Practices for Improving the Security and Resilience of Critical Infrastructure
November is Critical Infrastructure Security and Resilience Month, a month dedicated to improving awareness of the importance of strengthening critical infrastructure security and resilience. This annual effort is led by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and focuses on educating and engaging the government, critical infrastructure owners and operators, and the public about the role of critical infrastructure in the functioning of society and the economy, and how the safety and security of the nation depend on the ability of critical infrastructure owners to operate and withstand physical and cyber threats and to ensure steps are taken to improve security and resilience.
Critical infrastructure is targeted by ransomware groups due to the massive disruption that can be caused, increasing the probability of a ransom being paid. State-sponsored threat actors target critical infrastructure to obtain sensitive information or cause destructive attacks that can trigger economic and social upheaval and cause fear and uncertainty. Critical infrastructure entities are also a target for hacktivists and hackers seeking notoriety.
Over the past few years, there have been many attacks that have caused massive disruption, including numerous attacks on healthcare organizations that have threatened their ability to operate. This year, a ransomware attack on Change Healthcare caused massive disruption to healthcare services across the country and an attack on an NHS pathology service provider led to a blood supply shortage across London. In 2021, an attack on the Irish Health Service Executive (HSE) prevented access to all IT systems resulting in healthcare services being disrupted across the country, an attack on Colonial Pipeline disrupted fuel supplies to the eastern seaboard of the United States, and an attack on JBS, the world’s largest meat processing company, disrupted food supplies. These incidents clearly show the wide-ranging impact cyberattacks on critical infrastructure can have.
This year, President Biden issued a proclamation, “I call upon the people of the United States to recognize the importance of protecting our Nation’s infrastructure and to observe this month with appropriate measures to enhance our national security and resilience.” With climate change making natural disasters more frequent, ferocious, and costly and malicious cyber actors actively targeting critical infrastructure, it has never been more important to strengthen security and resilience.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
“Through my American Rescue Plan, Bipartisan Infrastructure Law, Inflation Reduction Act, and CHIPS and Science Act, we are investing billions of dollars to secure and bolster our infrastructure. That includes improving our electric grid so that people can maintain power in any situation, elevating roads and bridges over possible flood zones, funding community resilience programs, and more,” said President Biden. “These investments have not only helped to protect Americans — they have benefited our economy, creating jobs and new possibilities for our communities.”
The theme of Critical Infrastructure Security and Resilience Month 2024 is “Resolve to be Resilient,” and throughout the month, CISA will be showing how critical infrastructure organizations can integrate practices to improve security and resilience, helping them to combat threats and bounce back quickly when disruptions occur.
These practices include identifying critical systems and assets and understanding their potential dependencies on other infrastructure systems and assets; assessing risks and vulnerabilities and the consequences of the threats and hazards they could pose; developing actionable incident response and recovery plans and; conducting exercises of those plans under realistic conditions and continuously improving those plans to ensure they are efficient and effective.
“We must build resilience into our preparedness planning year-around,” said Dr. David Mussington, CISA’s Executive Assistant Director for Infrastructure Security. “It’s a whole of community responsibility to prepare and secure the nation’s critical infrastructure and protect the vital services it provides, so when something does happen, we are better able to respond to and recover from any impacts.”
