FBI Urges Organizations to Take 10 Actions to Improve Cyber Resilience
The Federal Bureau of Investigation (FBI) has launched a campaign to improve the resilience of industry, government, and critical infrastructure against cyber intrusions. Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense) is tied to the National Cyber Strategy and the FBI Cyber Strategy, which views industry, government, and critical infrastructure as partners in detecting, confronting, and dismantling cyber threats.
“Our goal is simple: to move the needle on resilience across industry by helping organizations understand where adversaries are focused and what concrete steps they can take now (and build toward in the future) to make exploitation harder.” Operation Winter SHIELD provides a practical roadmap for securing information technology and operational technology environments, hardening defenses, and reducing the attack surface. The campaign has kicked off with 10 recommendations developed with domestic and international partners to improve defenses against current cyber threats. The recommendations reflect current adversary behavior and common security gaps identified in recent investigations of cyberattacks.
The ten recommendations cover high-impact measures for reducing cyber risk by improving resilience and reducing the attack surface. Over the following 10 weeks, the FBI will publish further information and guidance on these cybersecurity measures:
- Adopt phishing-resistant authentication – Many data breaches start with credentials stolen in phishing attacks.
- Implement a risk-based vulnerability management program – Threat actors often exploit known, unpatched vulnerabilities in operating systems, software, and firmware for initial access.
- Track and retire end-of-life tech on a defined schedule – End-of-life software and devices are often targeted as they no longer receive security updates.
- Manage third-party risk – Security is only as good as the weakest link, which is often the least-protected vendor with network or data access.
- Protect and preserve security logs – Security logs are essential for detection, response, and attribution, and are often deleted by threat actors to hide their tracks.
- Maintain offline immutable backups and test restoration – Resilience depends on backups and tested recovery.
- Identify, inventory, and protect internet-facing systems and services – Eliminate any unnecessary exposure and reduce the attack surface.
- Strengthen email authentication and malicious content protections – Email is one of the most common initial access vectors and must be adequately secured.
- Reduce administrator privileges – Persistent administrative access enables rapid escalation when credentials are compromised.
- Exercise incident response plans with all stakeholders – Testing the response plan will allow organizations to respond rapidly and reduce the impact of a successful compromise.

Source: Federal Bureau of Investigation.

