The US government has launched a new campaign designed to encourage critical infrastructure (CNI) stakeholders to enhance cyber-resilience in their organizations.
The “Shields Ready” initiative is intended to complement the successful “Shields Up” campaign.
Unlike the latter, which was focused on helping all organizations and individuals to prepare for, respond to and mitigate cyber-attacks, Shields Ready is more specifically about improving CNI processes and hardening systems ahead of a potential incident.
Launched jointly by the US Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA), the initiative has four key messages. It urges CNI providers to:
- Understand infrastructure and dependencies, by identifying the most operationally critical systems and assets and possible dependencies on other infrastructure systems
- Conduct comprehensive risk assessments considering the full range of threats that could disrupt CNI operations and evaluating specific vulnerabilities
- Make actionable plans, including both a strategic risk management plan to reduce identified risks and vulnerabilities and an actionable incident response and recovery plan to reduce downtime
- Measure progress and drive continuous improvement through testing of incident response and recovery plans under realistic conditions and regular updating and evaluation of strategic plans
Read more on CNI threats: Ransomware Takes Down East Coast Fuel Pipeline
CISA director, Jen Easterly, argued that it is vital for CNI entities, ranging from hospitals and schools to water facilities, to have the resources they need to respond to and recover from disruption.
“As the national coordinator for critical infrastructure security, CISA is launching the Shields Ready campaign during Critical Infrastructure Security and Resilience Month to improve the resilience of infrastructure Americans rely on every hour of every day,” she added.
“By taking steps today to prepare for incidents, critical infrastructure, communities and individuals can be better prepared to recover from the impact of the threats of tomorrow, and into the future.”