Summary Points
- The Cybersecurity and Infrastructure Security Agency (CISA) urges critical infrastructure owners to develop plans for operating securely in emergency conditions for extended periods, potentially months, including isolating from IT and third-party systems.
- CISA is collaborating with the private sector through the CI Fortify initiative to assess vulnerabilities, test recovery plans, and ensure continuity of services, especially in sectors like energy, water, and defense.
- Core strategies include isolating operational technology (OT) from external networks during crises and establishing internal protocols to maintain essential services when disconnected from IT or third-party vendors.
- Despite efforts to combat Chinese hacking groups like Salt Typhoon and Volt Typhoon, U.S. officials warn that multiple nation-state actors remain active threats, necessitating robust, adaptable cybersecurity and operational resilience measures.
Underlying Problem
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to owners and operators of critical infrastructure, urging them to prepare for long-term emergency operations. This necessity arises because state-sponsored hackers, notably Chinese groups Salt Typhoon and Volt Typhoon, continue to target vital sectors such as electricity, water, and the internet. In response, CISA is collaborating with the private sector through a program called CI Fortify. This initiative involves conducting technical assessments to develop plans that allow these infrastructures to run securely for weeks or even months in isolation. For example, during crises, systems may need to disconnect from third-party vendors and external networks to prevent or respond to cyber threats. Acting Director Nick Andersen emphasized that these measures aim to ensure continued service delivery, even when traditional network connections are severed.
This push for enhanced resilience is driven by recent conflicts around the world that have seen critical infrastructure targeted through both cyber and physical attacks. CISA is already testing these assessment strategies with some organizations supporting national security, health, and economic stability, while planning to expand as they hire more staff. The strategy focuses on two main pillars: isolation, which involves disconnecting systems during emergencies, and recovery, which emphasizes data backups and manual operations. Experts believe that these vulnerabilities are not limited to China alone, as other nations and hacking groups likely exploit similar weaknesses. Despite efforts by agencies like the FBI to strengthen defenses, threats remain active, underscoring the importance of proactive planning to safeguard essential services in times of conflict.
Risk Summary
Isolating critical infrastructure during a conflict, as CISA urges, can affect any business by disrupting supply chains, halting essential services, and causing widespread operational delays. If your business relies on interconnected systems or external partners, such a disconnection could lead to severe shortages, lost revenue, and increased security risk. Moreover, without access to timely data or communication channels, decision-making becomes slower and less effective. Consequently, during prolonged isolation, your business might face financial instability, reputational damage, and loss of customer trust. Understanding this risk is therefore crucial, as it highlights the need for robust contingency plans that keep operations running under such extraordinary circumstances.
Possible Next Steps
In the face of escalating threats to critical infrastructure, rapid and effective remediation is essential to ensure continued operation and resilience, especially when isolation during conflict might be necessary for weeks to months.
- Preparation & Planning: Develop detailed incident response and contingency plans that include isolation protocols and recovery procedures.
- Vulnerability Identification: Conduct continuous vulnerability assessments and penetration testing to identify weak points that could be exploited, or that could hinder operations, during isolation.
- Segmentation & Isolation: Implement network segmentation to contain potential breaches and allow quick isolation when needed.
- Redundant Systems: Establish redundant and resilient systems capable of operating independently if central systems are compromised or disconnected.
- Regular Drills: Perform routine simulation exercises to practice isolated operation and rapid remediation, improving readiness.
- Supply Chain Management: Secure and diversify supply chains for critical hardware and software components to avoid disruptions during prolonged isolation.
- Real-time Monitoring: Use monitoring tools for early detection of issues and swift response to emerging threats or failures.
- Incident Response Teams: Maintain trained, specialized response teams ready to execute remediation and isolation procedures efficiently.
By proactively implementing these measures, organizations can tighten their defenses, facilitate swift recovery, and sustain critical functions during extended periods of operational isolation.
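The segmentation, vulnerability-identification and isolation points above come together in one practical check: model the boundary policy for normal operations and for isolation mode, then run observed flows through both to find the cross-zone dependencies (vendor remote support, replication to the corporate historian, jump-host access) that must have a local or manual fallback before the boundary is closed. The following is an added example, not material from CISA or the CI Fortify program; the zone names, ports, rule sets and the sample flow records are constructed for illustration.

```python
"""Segmentation policy model with a normal mode and an isolation mode.

Added example (not CISA's or CI Fortify's material). Zone names, ports and
the sample flow records below are constructed for illustration only.
"""
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    OT = "ot"              # control systems: PLCs, HMIs, local historian
    IT = "it"              # corporate network
    VENDOR = "vendor"      # third-party remote support / cloud services
    INTERNET = "internet"  # everything else


@dataclass(frozen=True)
class Flow:
    src: Zone
    dst: Zone
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    src: Zone
    dst: Zone
    dports: frozenset  # empty set means "any destination port"
    action: str        # "allow" or "deny"

    def matches(self, f: Flow) -> bool:
        return (self.src == f.src and self.dst == f.dst
                and (not self.dports or f.dport in self.dports))


ANY = frozenset()

# Normal operations (constructed policy): OT talks to itself freely, IT reaches
# OT only through a jump host on 443, OT reaches the vendor for remote support,
# and the OT historian replicates to an IT database on 5432.
NORMAL = [
    Rule(Zone.OT, Zone.OT, ANY, "allow"),
    Rule(Zone.IT, Zone.OT, frozenset({443}), "allow"),
    Rule(Zone.OT, Zone.VENDOR, frozenset({443}), "allow"),
    Rule(Zone.OT, Zone.IT, frozenset({5432}), "allow"),
]

# Isolation mode: only the intra-OT protocols needed to keep the process
# running (Modbus/TCP, DNP3, OPC UA, local historian). Every cross-zone flow
# falls through to the default deny.
ISOLATION = [
    Rule(Zone.OT, Zone.OT, frozenset({502, 20000, 4840, 5432}), "allow"),
]


def evaluate(flow: Flow, policy: list) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return "deny"


def isolation_gaps(flows, normal=NORMAL, isolation=ISOLATION):
    """Return flows permitted today that isolation mode would cut off.

    Each one is an external dependency that needs a local or manual
    fallback before the boundary is closed."""
    return [f for f in flows
            if evaluate(f, normal) == "allow" and evaluate(f, isolation) == "deny"]


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record of the form 'src_zone dst_zone proto dport'."""
    src, dst, proto, dport = line.split()
    return Flow(Zone(src), Zone(dst), int(dport), proto)


# Constructed sample of observed flows, standing in for a flow-log export.
SAMPLE_FLOWS = """\
ot ot tcp 502
ot ot tcp 20000
it ot tcp 443
ot vendor tcp 443
ot it tcp 5432
internet ot tcp 22
"""


def main():
    flows = [parse_flow(l) for l in SAMPLE_FLOWS.splitlines() if l.strip()]
    for f in isolation_gaps(flows):
        print(f"needs a fallback before isolation: "
              f"{f.src.value}->{f.dst.value}/{f.proto}/{f.dport}")


if __name__ == "__main__":
    main()
```

Run against a real flow-log export, the list returned by `isolation_gaps` is the starting point for the recovery pillar: each entry is either replaced by an in-zone equivalent, covered by a manual procedure that gets rehearsed in the drills, or deliberately accepted as lost during isolation. Flows that are already denied in normal mode (the inbound SSH from the internet in the sample) are not reported, since they are not dependencies.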
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary reference purposes only.
