Securing Critical Infrastructure With Validated and Trusted AI

AI is changing cybersecurity – providing new tools for security professionals, but also giving cyber threat actors a better arsenal of weapons for their attacks. Fortress is leveraging the latest in GenAI to better identify and understand the supply chain risks critical infrastructure organizations face.
Fortress's AI Monitoring, tailor made for the unique threats Critical Infrastructure organizations face, enables security pros to get quicker and more accurate data on the most critical risks and vulnerabilities across vendors and products. In short, it's a new evolution in cyber supply chain risk management (C-SCRM) and third-party cybersecurity risk management (TPCRM).
"AI is changing cybersecurity, but it is not the cure-all to national security threats from nation-state adversaries," said Fortress CEO and co-founder Alex Santos. "We were extremely deliberate in how we decided to deploy AI in our solutions. AI-enabled data retrieval without collaborative data sharing and human validation leaves large blind spots and generates false positives that divert resources from fighting the most pressing challenges. However, AI combined with a comprehensive approach to cyber defenses can quickly identify the 'needles in the haystack' that pose the most critical risks."
AI gives Fortress the ability to reduce risk assessment and monitoring costs by up to 90% and discover risks more than 80% faster. Using the latest in GenAI, Fortress automates the retrieval and analysis of vendor and product risk resulting in actionable, prioritized, and conclusive steps to empower security and risk management teams and keep your organization safe.
Besides generating comprehensive insights alerting organizations to emerging risks faster, Fortress integrates with legacy systems that can be omnipresent in critical infrastructure and streamlines government and energy regulatory compliance to simplify complex and time-consuming audits administered by regulatory enforcement.
"Certainly, there is an industry-wide push to get AI integrated into cybersecurity products as fast as possible," said Santos. "Others saw AI as a 'move fast and break things' moment. We knew AI had to be done right and done responsibly. We knew by working hand in hand with our customers that AI had to be done right and responsibly. Our AI Monitoring suite is built for today's rapidly changing and complex cyber supply chain and third-party attack surfaces. We've allowed our clients to stay one step ahead."

20.3 million of EU Funds for major flood protection project in Eisenach

EU funds will be used to build flood protection along the section of the river Hörsel which goes from Langensalzaer to Karolinenstraße. The project in this challenging section addresses existing infrastructure, traffic management, and urban integration. In addition, the region is also planning a new Karolinen Bridge.
Currently, flood protection measures near the "Auf dem Gries" industrial area, including the cycling path connection to Stedtfeld, are nearing completion.
Support of €16 million in previous programming period
Thanks to substantial financial support from the EU, the flood protection efforts in Eisenach have been progressing systematically since 2015. Initial measures began in the district of Stedtfeld, with completion achieved by 2017. Next, the flood dike near the Stedtfeld wastewater treatment plant was replaced.
Construction started in 2020 along the Hörsel river. Additionally, from August 2021 to August 2022, flood protection measures were implemented in the Hörschel district.
In 2023, an EU-funded project completed flood protection measures near the Opel factory in Eisenach.
These ambitious projects show the EU's commitment to boosting the region's flood resilience. They will protect residents and critical infrastructure.

IACIPP Appoints Frederic Petit as Liaison Director with the European Commission

The International Association of CIP Professionals (IACIPP) has appointed Frederic Petit, currently a Project Officer at the European Commission Joint Research Centre, as the Association’s ‘Liaison Director with the European Commission’.

Prior to his move to the European Commission JRC, Frederic was a Research Scientist specialising in critical infrastructure interdependencies and resilience at Argonne National Laboratory, and the Association’s representative for North America. With Mr Petit’s recent move to the JRC, he has been appropriately appointed as Association’s ‘Liaison Director with the European Commission’ with the role of industry/Commission liaison and keeping membership informed of the ongoing activities on the European activity/research around the protection and resilience of Infrastructure.

With the imminent implementation of The Critical Entities Resilience Directive (CER Directive), which lays down obligations on EU Member States to take specific measures to ensure that essential services and infrastructures, for the maintenance of vital societal functions or economic activities, are provided in an unobstructed manner in the internal market, and the NIS 2 Directive, also known as the Network and Information Security Directive, aimed at improving cyber security and protecting critical infrastructure across the European Union (EU), the appointment of Frederic is timely to aid with the outward facing communications and clarification of these important directives.

Compliance with the CER Directive and NIS2 Directive are crucial for businesses operating in the EU to safeguard their systems, mitigate threats, and ensure resilience, of which penalties are enforceable on agencies and operators for non-compliance.

John Donlon QPM, Chair of IACIPP, said, “We are delighted that Frederic has undertaken this new position within the Association. He was an excellent representative for us as our Regional Director in North America for a number of years, and his new role now in Europe will add real value at a time when there is significant change on the horizon in terms of regulations relating to national infrastructures”.

Frederic Petit will be presenting, on behalf of the European Commission JRC, at Critical Infrastructure Protection and Resilience Europe ( in Madrid, Spain, on 12th-14th November, part of the Association’s CIP Week in Europe, to raise greater awareness on the necessities of enhancing security and resilience of Europe’s critical infrastructures.

UK-led Joint Expeditionary Force rehearses undersea critical infrastructure protection from the North Atlantic to the Baltic Sea

The Joint Expeditionary Force (JEF) has begun a month-long Response Option  activity Nordic Warden this week for strengthening security of the critical undersea infrastructure in the area from the North Atlantic to the Baltic Sea.

JEF partner nations, including Lithuania, will train at  Nordic Warden exchanging information and provide a synchronized and coordinated response to ensure security of critical undersea infrastructure.

Operation activities will include reconnaissance flights and patrols in cooperation with the JEF air forces and navies. Partner nations will also enhance information exchange and coordination to ensure better situation awareness to ships in the JEF area of responsibility. Operation Nordic Warden is controlled from the JEF headquarters in Northwood, UK.

The Response Option activity Nordic Warden is similar to the first JEF activity conducted in December 2023 in response to the critical infrastructure damage in the Baltic and North Sea regions, namely, the damage to the cable connecting Sweden and Estonia, as well as the pipeline between Finland and Estonia, with real capabilities.

From Lithuania’s perspective, partnership in the JEF is one of the initial means of response to any crisis, including damage to undersea infrastructure. It enables resource sharing, intelligence exchange and joint solutions to mutual regional issues.

The JEF is led by the United Kingdom, its comprises maritime, air and land capabilities contributed by the ten Northern European partners: UK, Denmark, Estonia, Latvia, Lithuania, Netherlands, Norway, Sweden, Finland and Iceland.  Geographical proximity, shared sea borders and economy means cooperation on undersea infrastructure security is not just effective but also vital.

Hybrid threats: Council paves the way for deploying Hybrid Rapid Response Teams

The European Council has approved the guiding framework for the practical establishment of the EU Hybrid Rapid Response Teams. This paves the way for such teams to be deployed upon request, to prepare against and counter hybrid threats and campaigns.
Hybrid Rapid Response Teams are one of the key instruments to support EU member states and partner countries in countering hybrid threats as part of the EU Hybrid Toolbox. As one of the key deliverables of the Strategic Compass, they will provide tailored and targeted short-term assistance to member states, Common Security and Defence Policy missions and operations, and partner countries in countering hybrid threats and campaigns.
In a deteriorating security environment, with increasing disinformation, cyber-attacks, attacks on critical infrastructure, instrumentalised migration, and election interference by malign actors, the Hybrid Rapid Response Teams will be an important new capability of the EU to counter new and emerging threats.

ICYMI – FEMA Sign MOU to Strengthen Cooperation with Swedish Civil Contingencies Agency

FEMA signed a Memorandum of Understanding (MOU) with The Swedish Civil Contingencies Agency. This MOU formalizes our countries’ mutual commitment to advancing global resilience and sharing emergency management strategies. FEMA Administrator Deanne Criswell joined the Director General of the Swedish Civil Contingencies Agency Charlotte Petri Gornitzka and Sweden’s Minister of Civil Defence Carl-Oskar Bohlin at the Swedish embassy.

“2024 is FEMA’s Year of Resilience, an opportunity to highlight the important work we do to help communities mitigate risk, so they can respond faster and recover more effectively,” said Administrator Criswell. “The emergency management field is becoming more complex and our disaster tempo continues to increase and we know that we cannot solve these problems alone. With this partnership, Sweden and the U.S. can share best practices on how we incentivize individuals and communities to mitigate their risks.”

The MOU recognizes that the United States and Sweden face growing national security threats and natural disaster risks. The memorandum builds upon our existing cooperation and Sweden’s recent ascension to NATO, to foster greater collaboration on plans and priorities. It also helps us encourage readiness, civil protection and disaster risk reduction within our respective territories.

TSA announces appointment of members to Surface Transportation Security Advisory Committee

The Transportation Security Administration (TSA) appointed nine people as voting members of the Surface Transportation Security Advisory Committee (STSAC). With these appointments, two new and seven reappointed, the STSAC now includes 30 voting members.
The STSAC was established by Congress in 2019 to advise the TSA Administrator on surface transportation security matters, including recommendations for the development, refinement and implementation of policies, programs, initiatives, rulemakings, and security directives pertaining to the surface transportation sector.
The new members are:
- Christopher Hand, Director of Research, Brotherhood of Railroad Signalmen
- Kaitlyn Holmecki, Senior Manager, International Trade & Security Policy, American Trucking Association
The reappointed members are:
- Jared Cassity, Chief of Safety and Alternate National Legislative Director, SMART Transportation
- James Cook, Assistant Chief of Police, AMTRAK
- Brian Harrell, Vice President & Chief Security Officer, AVANGRID
- Norma Krayem, Vice President, Chair, Cybersecurity, Privacy & Digital Innovation Practice Group, Van Scoyoc Associates
- Robert Mims, Director, Technology Security, Southern Company Gas
- Christopher Trucillo, Chief of Police, New Jersey Transit Police Department
- Lowell Williams, Chief Executive Officer, Cold Iron Security
The STSAC members represent each mode of surface transportation, such as freight rail, highways, mass transit, over-the-road bus, passenger rail, pipelines, school bus industry and trucking among others. For a complete list, please see the STSAC Charter. The Committee also has 14 non-voting members who serve in an advisory capacity for two-year terms from the Departments of Defense, Energy, Homeland Security, and Transportation, as well as the Federal Bureau of Investigation.

Your latest issue of Critical Infrastructure Protection & Resilience News has arrived

Download your copy now at
Please find here your downloadable copy of the Spring 2024 issue of Critical Infrastructure Protection & Resilience News, the official magazine of the International Association of CIP Professionals (IACIPP), for the latest views, features and news, including a Review of the recent Critical Infrastructure Protection & Resilience North America conference and exhibition in Lake Charles, LA.
Critical Infrastructure Protection & Resilience News in this issue:
- Protecting Life - Securing Agriculture
- Protect our Electric Grid – Before it’s Too Late
- Connecting Unrelated Industries Strengthens All Sectors
- Why Airspace Awareness Matters for Critical Infrastructure Security
- Critical Infrastructure Resilience: Are we addressing the real challenges? In the right way?
- Break down cyber and physical security silos to improve protection and operations
- An Interview with CITGO
- Is Cybersecurity As Enchanted as Sleeping Beauty?
- CIPRE Review
- Agency News
- Industry News
Download your copy at

Custom-made Awareness Raising to enhance Cybersecurity Culture

The European Union Agency for Cybersecurity (ENISA) empowers organisations by publishing the updated version of the ‘Awareness Raising in a Box’.
Advanced protection of systems and a robust cybersecurity strategy have become a priority for all kinds of organisations, as cybersecurity issues and threats have evolved to be increasingly sophisticated and pervasive. Thus, awareness raising activities and having a relevant methodology in place are a fundamental to integrating cybersecurity in the organisational culture. With a view to achieve this goal, applying game design elements in cybersecurity awareness activities can simplify familiarisation with terms and concepts through a hands-on experience and motivate employees’ participation.
To test the new edition of the all-in-one toolkit, ENISA piloted the Awareness Raising in a Box (AR-in-a-BOX) with the Cypriot Digital Security Authority and the Cypriot National Coordination Centre.
The Head of the Cypriot Digital Security Authority, Diamantis Zafeiriades, highlighted that "The Digital Security Authority (DSA) and the Cyprus National Coordination Centre for Cybersecurity (NCC-CY) is proud to be working along with the European Union Agency for Cybersecurity (ENISA) to test and promote the Awareness Raising in a Box’ (AR-in-a-BOX), which aims to boost knowledge on cybersecurity awareness techniques. Acknowledging that cyber resilience is a constant training journey for the unpredictable, we are committed to support such initiatives on an ongoing basis."
AR-in-a-Box allows professionals from small and medium (SMEs) to big enterprises and public or private entities, to improve their knowledge on cybersecurity awareness techniques. This comprehensive toolkit offers a blend of theoretical frameworks and practical resources, enabling organisations to craft tailored cybersecurity awareness programmes, including gamification of content.
Notably, the updated version features an online Cyber Awareness Game accessible through the EU ACADEMY.
The updated version of AR-in-a-Box includes the existing catalogue of instructions, games and activities but has also been enriched with the addition of a new guide for the development of internal and external cyber crisis communication plans.
The cyber crisis communication guide aims to help organisations and experts improve their communicational preparedness and response, in times of a cybersecurity crisis. As such incidents may impact several aspects of their operations, the guide provides a holistic approach on their protection and mitigation of risks and damages.

Geopolitics Accelerates Need For Stronger Cyber Crisis Management

ENISA publishes a study on ‘Best Practices for Cyber Crisis Management’ that assists in preparation for crisis management. The study was conducted for the EU Cyber Crisis Liaison Organisation Network (CyCLONe) and is now available publicly.

The geopolitical situation continues to impact the cyber threat landscape also within the European Union. Planning for expected or unexpected threats and incidents is vital for good crisis management.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar underlined that “Sharing best practices for Member States is a step in successfully strengthening cyber crisis management. This report serves as a tool to assist with implementing the provisions of the NIS2 Directive. Crisis management processes for business continuity are paramount.”

The study outlines the framework and circumstances with cyber crisis scenarios and proposes a series of best practices that will enable the transition into the new requirements of NIS2 Directive, the EU-wide legislation on cybersecurity. The study aims to bring a heterogeneous ecosystem towards stronger harmonisation.

The proposed best practices are clustered into the four phases of the cyber crisis management cycle (prevention, preparedness, response and recovery) and refer to issues arising during each stage with an all-hazards approach.

Concluding with a list of recommendations, ENISA proposes steps to improve Member States’ capacity-building and operational cooperation in the context of cyber crisis management.

Cyber Crisis Management Framework through NIS2
The long history of the EU regarding cybersecurity, and particularly cyber crisis, proves its commitment in building a solid legislative framework to safeguard Member States from emerging threats. Built upon the first directive on Network and Information Security (NIS) that was set in 2016, the NIS2 entry into force marks a transformative period in the field of cybersecurity in the EU due to the new, upgraded provisions and obligations for Member States to incorporate into their national legislation. A key change brought by the adoption of NIS2 includes the reinforced role of ENISA in coordinating cybersecurity actors, such as EU-Cyber Crises Liaison Organisation Network (EU-CyCLONe) and the EU CSIRTs Network.

The European cyber crisis liaison organisation network (EU-CyCLONe)
Under NIS2 Directive, ENISA’s mandate has a role as the secretariat for Cyber Crises Liaison Organisation Network (EU CyCLONe), a network dedicated to enhance Member States’ national authorities’ cooperation in cyber crisis activities and management.

The network collaborates and develops information sharing and situational awareness based on the support and tools provided by ENISA. The network is chaired in turns by a representative from the Presidency of the Council of the EU.

Formed by the representatives of Member States’ cyber crisis management authorities, the EU CyCLONe intervenes together with the European Commission in case of large-scale cybersecurity incidents likely to have a significant impact on services and activities falling into the scope of the NIS2. ENISA also supports the organisation of exercises for EU CyCLONe members, such as CySOPex (played by officers) and as, in this case, BlueOLEx (played by executives).

ENISA pioneers the development of proper mechanisms and consistency for cyber incidents, crisis management and conducting cyber exercises. ENISA is tasked to roll-out the implementation of the Cybersecurity Support Action in 2022 that includes the provision of support to Member States to further mitigate the risks of large-scale cybersecurity incidents in the short term.

1 2 3 55