CISA, FEMA, DHS Launch ‘Shields Ready’ For Critical Infrastructure Cyber-Resilience

Jointly, CISA, the Department of Homeland Security and FEMA have launched the “Shields Ready” initiative, a new campaign designed to encourage critical infrastructure (CNI) stakeholders to enhance cyber-resilience in their organizations.

Shields Ready is intended to complement the “Shields Up” campaign. Whereas Shields Up was focused on helping all organizations and individuals, Shields Ready is specifically about improving CNI processes.

The initiative urges CNI providers to:

  • Understand infrastructure and dependencies
  • Conduct comprehensive risk assessments
  • Make actionable plans
  • Measure progress and drive continuous improvement through testing

CISA director Jen Easterly highlighted that it is vital for hospitals, schools, water facilities and other CNI entities to have the resources they need to respond to and recover from cyber disruptions.

“By taking steps today to prepare for incidents, critical infrastructure, communities and individuals can be better prepared to recover from the impact of the threats of tomorrow, and into the future.”

Stephen Gates, Principal Security SME, had this comment:

   “In the context of the US government launching a new campaign to encourage critical national infrastructure (CNI) operators to enhance their cyber-resilience, one of the four key messages stands out as a considerable challenge: Conduct comprehensive risk assessments. This is more difficult than most people believe when organizations solely rely on humans to perform risk assessments. In fact, there are simply not enough qualified and certified risk assessment professionals available today.

   “Therefore, a paradigm shift in the mindset of CNI operators needs to happen. This shift includes augmenting their human-based risk assessments (often in the form of periodic penetration tests and regular scheduled vulnerability scans) with autonomous systems designed to discover where CNI operators are truly at risk. These systems operate autonomously, peruse network environments on their own, discover truly exploitable vulnerabilities, safely exploit what they discover, provide proof of compromise, and deliver expert guidance on how to remediate these risks – preemptively.

   “The first step to using these autonomous systems is assuming defenses have already been breached. Once that happens, these systems will help CNI operators find, fix, and verify that their exploitable vulnerabilities are drastically reduced, help measure progress, and drive continuous security improvement. This is not a one-and-done thing performed on an annual or periodic basis. Instead, it becomes part of everyday, good cyber-hygiene due care.”

Mike Barker, CCO, HYAS, adds this comment:

   “The imperative nature of this initiative cannot be overstated. Investing in cyber-resilience now is an investment in safeguarding the continuity and security of our critical infrastructure in the face of evolving threats. “Shields Ready” serves as a beacon for organizations to fortify their defenses, enabling a more resilient and secure future for critical infrastructure and the communities they serve.”

Dave Ratner, CEO, HYAS, follows up with this comment:

   “Improving processes and hardening systems is critical for any CNI organization but must be paired with the right solutions for resiliency in the face of continual onslaughts of threats and attacks; that’s why it makes complete sense to pair the Shields Up initiative with Shields Ready. Only through a complete security-in-layers approach will critical infrastructure really be properly prepared for and resilient against cyber intrusions.”

This is another one of those first steps that is long overdue. What everyone needs to do is to keep taking steps to harden CNI so that it is a less attractive target for threat actors.
