CISA Launches FY2025-2026 International Strategic Plan

The Cybersecurity & Infrastructure Security Agency (CISA) published their 2025-2026 International Strategic Plan with a commitment to reducing risk to the globally interconnected and interdependent cyber and physical infrastructure.
In today’s interdependent and interconnected world, the protection and security of our cyber and physical infrastructure requires the concerted efforts of public and private partners around the globe. The Cybersecurity and Infrastructure Security Agency (CISA) is a globally recognized leader in shaping and implementing proactive approaches to reduce risk and increase the resilience of critical infrastructure on which the United States (U.S.) and its partners depend.
To effectively marshal its resources and guide operations, CISA issued the 2023-2025 CISA Strategic Plan, the agency’s first comprehensive strategic plan since CISA’s establishment in 2018. In recognition of the reality that today’s threats do not respect borders, CISA developed this CISA International Strategic Plan as a complementary guide for CISA’s international activities and outcomes.
This CISA International Strategic Plan acknowledges that the risks we face are complex and geographically dispersed, and that we cannot achieve our objectives in a vacuum. It is imperative that we expand visibility into internationally shared systemic risks. The maturity and security practices of global owners and operators of both cyber and physical infrastructure, technology, supply chains, and systems vary widely. Sharing timely, relevant, and accurate threat information and risk reduction advice with international partners provides the foundation for a more secure cyber-physical environment for all of us.
The CISA International Strategic Plan goals are to:
1. Bolster the Resilience of Foreign Infrastructure on Which the U.S. Depends.
2. Strengthen Integrated Cyber Defense.
3. Unify Agency Coordination of International Activities.
Through the goals and objectives outlined in this CISA International Strategic Plan – in coordination with the Department of Homeland Security (DHS), the Department of State, and partners across the interagency, and in accordance with U.S. national security, economic, and foreign policy priorities – CISA will assess and prioritize critical infrastructure dependencies and partner with foreign entities to advance CISA’s homeland security mission.
Strategic Intent
The CISA International Strategic Plan will focus and guide the agency’s international efforts over the 2025–2026 period. It highlights the agency’s commitment to reducing risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day. Our aim is to shape the international environment to reduce risk to critical dependencies and set conditions for success in cooperation, competition, and conflict. The CISA International Strategic Plan lays out three goals CISA must achieve to address the ever-changing and dynamic challenges facing America and our international partners. The first two goals focus on “what” the agency will work on in the international environment to achieve our “why” – 1) to reduce risk to and build resilience of foreign assets, systems, and networks that impact U.S. critical infrastructure, 2) understand shared global threats to critical infrastructure, and 3) support collective defense. The third goal focuses internally to promote unified action, working as One CISA to conduct international activities.
Strategic Approach
The approach laid out in this CISA International Strategic Plan aligns with guidance set forth in the National Security Strategy, National Cybersecurity Strategy, U.S. International Cyberspace and Digital Policy Strategy, CISA Strategic Plan 2023–2025, CISA Stakeholder Engagement Strategic Plan FY2023-2025, and CISA Cybersecurity Strategic Plan 2024–2026, as well as the identified priorities of the Secretary of Homeland Security. The CISA International Strategic Plan and the U.S. International Cyberspace and Digital Policy Strategy firmly align to bolster and broaden international alliances to mature cyber defense efforts, both domestically and internationally. This involves fostering collaborative relationships with global partners; sharing expertise, technical resources, and best practices; and collectively fortifying cyber resilience to address emerging threats in an interconnected world. Our strategic approach will not only advance the resilience of critical infrastructure dependencies at home and abroad, but it will also ensure a long-term commitment in strengthening international partnerships that are essential for CISA’s mission success. As part of coordinated U.S. government efforts, CISA will proactively engage and support international partners to assess, influence, and assist with reducing risk and strengthen the security and resilience of foreign assets, systems, and networks on which our nation’s critical infrastructure depends. As threats evolve across the spectrum of competition with state and non-state actors, no single organization or entity has all the answers for how to address cyber and physical threats to critical infrastructure. Therefore, CISA will prioritize operational collaboration and international activities to achieve mutual interests and goals with our partners. This plan centralizes CISA’s focus and coordination on goals and objectives that increase homeland and national security. More importantly, it positions CISA to support the internal coordination of international activities through the execution of annual planning cycles. This CISA International Strategic Plan seeks to streamline or eliminate overlapping and redundant systems to synchronize complex international issues that cut across our agency.
Overall, our aim is to build, strengthen, and sustain international relationships to:
1. Advance homeland and national security objectives.
2. Prevent incidents and increase resilience of physical and cyber critical infrastructure at home and abroad.
3. Increase awareness to detect, deter, and disrupt emerging threats and hazards.
4. Manage and reduce systemic risks.
5. Increase understanding of international critical infrastructure interdependencies and anticipate cascading impacts.
6. Influence international policy, standards, and best practices.
7. Assist key partners to address their capability shortfalls.
8. Expand bilateral/multilateral exchanges of expertise, in tandem with increased federal inter- and intra-agency coordination, to improve risk management and incident response capacity.
9. Mature and strengthen CISA’s international partnerships, arrangements, and policies.
Goal 1: Bolster the Resilience of Foreign Infrastructure on Which the U.S. Depends
Interconnected Critical Infrastructure Graphic
Recognizing that much of U.S. critical infrastructure interconnects and/or is interdependent with foreign assets, systems, or networks, CISA will work closely with domestic and international partners to bolster the security and resilience of the international critical infrastructure on which the U.S. depends. These interconnections and interdependencies span the full range of critical infrastructure sectors: pipelines, telecommunications, and essential supply chains, among others. Malicious cyber actors continue to exploit vulnerabilities across these sectors to target critical infrastructure through ransomware and other cyberattacks. The threat from global terrorism remains a persistent concern and a significant threat to U.S. and international facilities. Thus, it is essential for CISA to work with partners to assess and reduce risk from foreign critical dependencies impacting U.S. critical infrastructure resilience. In doing so, CISA must strengthen exchanges with international partners that promote our priorities abroad as well as influence standards, regulations, and policies to advance homeland and national security objectives. A collaborative approach to understanding interconnected critical infrastructure systems will set conditions for the U.S. and our international partners to proactively develop strategies, policies, and programs that integrate risk reduction efforts and reflect mutual and multi-stakeholder security interests at home and abroad.
1.1. Identify and prioritize foreign critical infrastructure on which the nation depends and bolster its security and resilience.
The U.S. depends on foreign-owned systems that support our critical infrastructure sectors such as communications, transportation, information technology, energy, financial services, and critical manufacturing. CISA will work with interagency and international partners to identify and understand which international systems and assets are truly critical to the nation’s critical infrastructure and assess how they are vulnerable to create strategies to manage shared risks. CISA will also work with interagency and international partners to promote a shared understanding of global threats to critical infrastructure security and resilience, such as cyberattacks, chemical and improvised explosive devices, threats to supply chain interdependencies, foreign malign investments, and climate change. Managing risk and bolstering resilience will require long-term, strategic collaboration between public and private sectors at home and abroad.
Enabling Measure: In coordination with the Department of State and relevant U.S. government partners, we will broaden our understanding of systemic risk by expanding our visibility into infrastructure and supply chain vulnerabilities for priority foreign critical infrastructure upon which the U.S. depends.
Measure of Effectiveness:
1. Increase the number of U.S. government activities coordinated by CISA to advance the security and resilience of prioritized foreign critical infrastructure and supply chains.
2. Increase the number of global partner actions taken to address risks to prioritized foreign critical infrastructure.
3. Increase the number of domestic partner actions taken to mitigate potential disruptions of U.S. critical infrastructure operations resulting from dependencies with foreign assets, systems, and supply chains.
1.2. Strengthen international partnerships that promote U.S. critical infrastructure priorities and interests abroad.
CISA seeks to expand visibility into internationally shared threats and systemic risks. To improve situational awareness for both CISA and our international stakeholders, we must mature multidirectional communications with external partners, including timely incident reporting and the systematic sharing of threat and vulnerability information. Strengthening includes accelerating the speed, improving the accuracy, and enabling the effectiveness of critical information sharing, while using CISA as a hub for multi-stakeholder initiatives. We will use CISA’s cross-functional expertise to foster communication and information sharing with global partners at scale, which will advance the resiliency of our critical infrastructure against shared challenges and preserve our ability to communicate in the event of an emergency. This will create a foundation for advancing international efforts that mature our collective ability to plan for, detect, deter, and disrupt emerging threats and hazards to cyber and physical infrastructure and interoperable emergency communications. Deepening the understanding of shared and systemic risk with our partners will strengthen the protection and resilience of critical infrastructure on which the nation relies.
Enabling Measure: We will expand our ability to execute joint operational activities, capacity development efforts, and shared policy frameworks that advance U.S. priorities for defending cyberspace and protecting U.S. critical infrastructure.
Measure of Effectiveness:
1. Increase the number of joint operational activities conducted with global partners to build public and private capacity to deter, prevent, protect, and respond to incidents to critical infrastructure.
2. Increase information sharing exchanges with global partners to promote U.S. security and resilience priorities and to enhance CISA’s programs, services, and products.
1.3. Shape operational and technical global standards, regulations, policies, guidelines, and best practices to advance security.
CISA will work with interagency partners to support standards activities—in coordination with the DHS Science and Technology Directorate—through standard development organizations that can advance U.S. interests. Within CISA’s authorities, our aim is to promote and support a wide array of portfolios, including but not limited to cyber and physical critical infrastructure, emerging technology, chemical security, emergency communications, school safety, bombing prevention, and more to ensure that systems, infrastructure, government, business, and the public can withstand and recover from deliberate attacks, accidents, and natural hazards. Where appropriate, we will advance and contribute to the development and adoption of operational and technical international standards and regulations to strengthen cybersecurity, fortify critical infrastructure security and resilience, and improve emergency communication. CISA holds a shared approach to international standards, regulations, guidelines, and best practices for critical infrastructure security and critical emerging technologies, to include artificial intelligence (AI). This will help accelerate standards that contribute to interoperability and promote U.S. competitiveness and innovation with our partners.
Enabling Measure:
1. We will advance open, transparent, and rules-based standards processes to ensure that globally relevant standards meet U.S. national security requirements for critical infrastructure.
2. We will work with partners to counter the influence of adversaries attempting to unduly shape standards in a manner which would represent a threat to national security.
Measure of Effectiveness:
1. In coordination with government, industry, and academic partners, increase the development and publication of technical standards for adoption by international standards and policy setting bodies that advance the protection, interoperability, and resilience of U.S. critical infrastructure.
Goal 2: Strengthen Integrated Cyber Defense
Integrated Cyber Defense graphic
Cybersecurity threats extend beyond national borders. Strong international cyber defense partnerships set conditions that reduce risk and minimize the impact of attempts to infiltrate, exploit, disrupt, or destroy critical infrastructure systems that support our national critical functions (NCFs). Engaging international partners allows CISA to build trust, illuminate threats, and facilitate the free flow of cybersecurity defense information. We will work with partners, international organizations, and nongovernmental organizations to influence global cybersecurity practices and standards that promulgate cyber safety and security at scale. Bolstering the capabilities of key partners improves our collective cyber defense abroad against state and non-state actors.
2.1. Enable cyber defense with partners to reduce collective risk.
International partners contribute essential information to support CISA’s cybersecurity mission. A network of trusted partners provides increased visibility into—and ability to mitigate—cybersecurity threats, vulnerabilities, and campaigns. Our aim is to increase and mature our network of trusted partners through our bilateral and multilateral Computer Security Incident Response Team (CSIRT)-CSIRT engagements. Through these engagements, we seek to strengthen CSIRT-CSIRT relationships that enable the exchange of actionable operational information, which includes product sharing, vulnerability alerts, victim notifications, tactics, techniques, and procedures as well as evaluating unique international inputs to reduce risk. This effort will facilitate a collective response and provide a vehicle for partners to share information that builds trust and global cyber situational awareness—especially for those foreign systems, networks, and assets truly vital to the nation’s critical infrastructure. We will strive to set an example as the premier CSIRT organization and work with international partners to understand how incidents occur, how to prevent them, and to provide technical resources that alleviate critical operational gaps. Beyond immediate threat information, these operational partnerships help inform international exercises that will enable us to better understand risks and provide additional ways and means to better manage threats and risk abroad.
Enabling Measure: We will increase trust and strengthen operational collaboration through bilateral and multilateral engagements with international partners by expanding participation in CSIRT-CSIRT engagements.
Measure of Effectiveness:
1. Increase the number of trusted international CSIRT partners.
2. Increase the percent of bilateral and multilateral CSIRT engagements that reduce combined risk.
3. Increase the number of CSIRT partners that apply recommended risk mitigations prior to exploitation.
2.2. Drive standards and security at scale to increase cyber safety.
For decades, the U.S. has worked through international institutions to define and advance responsible state behavior in cyberspace, steering partners toward developing secure technology from inception. As part of the broader national effort, CISA will encourage international partners to define, adopt, and implement global cybersecurity standards, norms, and best practices that promote U.S. cybersecurity interests. The agency will also provide guidance, advice, and expertise to help define and implement safe global standards, norms, and best practices that support U.S. domestic cybersecurity interests. Our aim is to set the bar high for global standards and prioritize them to reflect CISA interests and implement them as a critical element to protect citizens. As some of the most visible examples, CISA’s international focus is to encourage the widespread adoption of Secure by Design practices, including adoption of software bills of materials, secure AI systems, open-source security, and coordinated vulnerability disclosures.
Enabling Measure: In collaboration with international public and private sector partners, we will advance a global commitment to safe and secure software development and deployment.
Measure of Effectiveness:
1. Increase in international standards that recommend frameworks for secure software development at the onset of the software development lifecycle.
2. Increase the number of partner states, international organizations, and industries that adopt and implement the principles of Secure by Design.
2.3. Increase cyber and physical resilience capabilities of key partners.
The breadth and depth of the international cybersecurity challenge exceeds the capacity of any one organization. It is paramount that key partners possess the fundamental capabilities to safeguard and defend their connected critical infrastructure that impact our NCFs. Our aim is to establish an environment where our partners can organically detect threats, assess potential impacts, and receive and exchange real-time risk reduction actions that increase collective security and resilience and support the rapid establishment of consistent, secure, and effective interoperable emergency communications. CISA possesses capabilities that can uniquely contribute to homeland and national security objectives—especially as part of larger U.S. government efforts to improve the cybersecurity capabilities of priority international partners. As the U.S. strengthens relationships with key partners, CISA can provide training, exercises, and information sharing capabilities. These activities can assist international partners in developing and growing organic risk reduction capabilities, while setting supporting priorities for the investment and divestment of limited resources to fill collective capability shortfalls.
Enabling Measure: In collaboration with the Department of State, we will advance shared cybersecurity priorities and strengthen international partner capacity to support these priorities through the focused delivery of CISA services that proactively and collaboratively bolster our international cybersecurity and resilience.
Measure of Effectiveness:
1. Increase the number of CISA services delivered to international partners that address identified security and resilience gaps.
2. Increase in the percent of program participants equipped with required competencies in cyber or physical security and resilience.
3. Expand the network of foreign train-the-trainer partners capable and approved to provide CISA-based training within their regions.
4. Increase the percent of partners reporting strengthened capabilities to manage their own risk.
Goal 3: Unify Agency Coordination of International Activities
Connecting lines
An effective international plan depends on unity of effort across the agency’s divisions and mission enabling offices (offices). Accomplishing unity of effort will require that CISA internally prioritizes, coordinates, deconflicts, and aligns international activities through improved organization and governance, integrated functions, and a well-trained workforce.
3.1. Strengthen and institutionalize CISA’s governance of international activities.
The CISA Stakeholder Engagement Division (SED) will establish a governance structure to advise on international matters and provide a clear articulation of the agency’s international priorities. Taking into account inputs from divisions and offices, these priorities will provide clear guidance that is consistent with CISA’s authorities and domestic requirements as well as broader DHS and national security policies.
Enabling Measure: We will establish internal agency processes and procedures for governing the agency’s international activities using the One CISA approach.
Measure of Effectiveness:
1. Increase the number of governance documents and processes that improve standardization and transparency of agency international activities.
3.2. Align and synchronize CISA’s international functions, capabilities, and resources.
CISA will support systematic information sharing across the agency through policy coordination and the collection and dissemination of international lessons learned to effectively realize the full range of specialized expertise and capabilities across the agency. SED will coordinate CISA’s international communications and activities across CISA to provide the agency with situational awareness of current and projected international activities. This coordination will address gaps and eliminate duplication of effort while ensuring timely execution of operational priorities and alignment of CISA’s international activities with this strategic plan and national security priorities.
Enabling Measure: We will optimize internal business operations to ensure the coordinated delivery of products and services to international partners that effectively advance cyberspace defense and U.S. critical infrastructure security and resilience.
Measure of Effectiveness:
1. Increase the percent of cross-cutting activities coordinated through CISA International Affairs.
2. Increase in internal products and services that improve widespread awareness of key international cybersecurity and critical infrastructure security and resilience issues.
3.3. Equip CISA’s workforce through training and education to promote CISA’s capabilities on the global stage.
With an inherent domestic focus, we recognize that there are skills CISA needs to provide the workforce to influence the international system. CISA will develop and provide training opportunities for employees who will deploy overseas as well as those engaged in deliberate international activities. SED will aim to facilitate DHS and State Department pre-deployment training for Attachés, Liaison Officers, and Technical Advisors deploying overseas, including a CISA familiarization program to ensure a baseline understanding of CISA’s organization, role, responsibilities, authorities, and strategic objectives. SED will provide international affairs etiquette guidance to all travelers as part of the travel preparation process. For CISA leadership and travelers conducting potentially sensitive engagements, SED will provide a tailored pre-departure briefing encompassing cultural norms and U.S. foreign policy goals with recommended talking points.
Enabling Measure: CISA, through its workforce, is prepared to actively and effectively engage in international efforts to advance cyberspace defense, safe and secure technology development and deployment, and critical infrastructure security and resilience.
Measure of Effectiveness:
1. Increase the percent of CISA personnel trained and provided with resources to deliver international services.
2. Increase in the percent of CISA personnel who report that specialized training improved their capability to represent the agency effectively while performing international activities.
Conclusion
Robust and trusted international partnerships serve as a force multiplier across the spectrum of global competition. Successful partnerships require commitment, dedication, and time to build trust. In coordination with DHS and the State Department, CISA will develop, strengthen, and sustain these relationships. This CISA International Strategic Plan provides a framework to build and maintain an agency posture with international partners to enable the U.S. to compete with and prevail against current and future threats. Importantly, this plan addresses multiple challenges under different conditions and creates the framework to prioritize agency efforts.
These goals position CISA strategically with a posture that reinforces critical partnerships abroad to overcome complex and interconnected challenges. The strategic approach aligns CISA with the broader U.S. government as well as our international partners to enable access, develop capacity, and ensure the flexibility to support national efforts to compete globally against state and non-state actors.
This CISA International Strategic Plan creates opportunities for shared success and is a process, not simply a publication; therefore, CISA will review progress quarterly. Unpredictability in the international security environment, or obstacles to our progress, may drive us to change course. We will remain agile and shift our focus to ensure we are integrating the right people, processes, technology, and partners at the right time, place, and space for mission success. Just as our threats and adversaries adapt to and shape the cyber and physical security environment, CISA will continue to evolve to fulfill the vision of a secure and resilient infrastructure for the American people—this CISA International Strategic Plan establishes a proactive path to achieve that vision.

CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, targeting and exploiting U.S. and foreign organizations across multiple sectors in the U.S.
FBI investigations conducted as recently as August 2024 assess that cyber actors like Pioneer Kitten are connected with the Government of Iran (GOI) and linked to an Iranian information technology (IT) company. Their malicious cyber operations are aimed at deploying ransomware attacks to obtain and develop network access. These operations aid malicious cyber actors in further collaborating with affiliate actors to continue deploying ransomware.
This advisory highlights similarities to a previous advisory, Iran-Based Threat Actor Exploits VPN Vulnerabilities published on Sept. 15, 2020, and provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in this joint advisory to reduce the likelihood and impact of ransomware incidents. For more information on Iranian state-sponsored threat actor activity, see CISA’s Iran Cyber Threat Overview and Advisories page.

Airports Efforts to Enhance Electrical Resilience

The nation's commercial service airports require continuous, reliable electricity to power airfield operations and airport facilities. FAA and airports are responsible for ensuring the resilience of airports' electrical power systems—including the ability to withstand and recover rapidly from electrical power disruptions.

GAO was asked to review major power outages at airports and steps federal agencies and airports are taking to minimize future disruptions. This report describes (1) the extent to which selected airports reported they had experienced electrical power outages since 2015, (2) actions selected airports have taken to improve the resilience of their electrical power systems, and (3) actions FAA has taken to help airports develop and maintain resilient electrical power systems.

GAO conducted semi-structured interviews with officials from 41 selected airports of varying sizes, representing 72 percent of passenger enplanements. GAO administered a follow-up survey to these 41 airports, focusing on the extent to which they had experienced electrical outages; 30 responded to the survey, representing 53 percent of total enplanements. GAO also reviewed applicable statutes and regulations and analyzed funding data to identify examples of electrical power projects. Further, GAO interviewed FAA officials and airport, academia, state government, and energy stakeholders.

A power outage can significantly disrupt an airport's operations. One 2017 outage at Hartsfield-Jackson Atlanta International Airport led to about 1,200 cancelled flights and cost an airline around $50 million.

Many of the nation's airports are enhancing their ability to withstand and rapidly recover from power disruptions. They're improving their electrical infrastructure, including installing backup generators or solar panels. Some airports are also considering installing microgrids—systems that independently generate, distribute, and store power. The FAA is offering new and expanded grant programs to help fund these projects.

Twenty-four of the 30 commercial service airports that responded to GAO's survey and interviews reported experiencing a total of 321 electrical power outages—i.e., an unplanned loss of power lasting 5 minutes or longer—from 2015 through 2022. Eleven of these airports reported having six or more outages over this 8 year period. Airports reported that these outages affected a range of airport operations and equipment (see table). Not all responding airports were able to provide detailed information about their outages, and some provided estimates about affected activities.

Selected airports reported taking several actions to improve the electrical power resilience of their airports, including (1) conducting electrical infrastructure assessments, (2) undertaking projects to improve electrical infrastructure, and (3) installing equipment to generate additional backup power. For example, 40 of the 41 airports GAO interviewed reported planning or completing an infrastructure project to increase electrical power resilience. Of these, four airports reported installing microgrids. Such microgrid systems are capable of independently generating, distributing, and storing power.

The Federal Aviation Administration (FAA) is administering new and expanded grant programs and issuing guidance to support airports' electrical resilience efforts. For example:

- Airport Improvement Program funding eligibility was expanded to include the Energy Supply, Redundancy, and Microgrids Program projects, which may include certain electrical power resilience projects.

- The new Airport Terminal Program provides funding for airport terminal development projects, including those that may strengthen resilience.

- FAA issued program guidance and conducted airport outreach to help increase airports' awareness of available federal funding for resilience projects.

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally.

Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing malicious attachments or links to download the malware, which would reside in memory once on the victim network. QakBot has since grown to deploy multiple types of malware, trojans, and highly-destructive ransomware variants targeting the United States and other global infrastructures, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.

CISA and FBI urge organizations to implement the recommendations contained within the joint CSA to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections.

CISA, NSA, and NIST Publish Factsheet on Quantum Readiness

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.

CISA, NSA, and NIST urge organizations to review the joint factsheet and to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments and analysis, and engaging vendors. For more information and resources related to CISA’s PQC work, visit Post-Quantum Cryptography Initiative.

Spanish EU Council Presidency: CoESS and APROSER make proposals for a future-oriented, more resilient, European Union

On 01 July 2023, Spain took over the rotating Presidency of the Council of the EU. It will thereby be responsible to lead the work in Brussels on important matters such as negotiations on the EU Artificial Intelligence (AI) Act and initiatives in the context of the EU Year on Skills.

In a Joint Statement, CoESS and APROSER declare the commitment of the European security industry to support the efforts of the Spanish Presidency on a large range of matters impacting not only the security services, but public security overall.

The timing of the Spanish Presidency comes at a particularly decisive stage. First, EU lawmakers will have to find agreement on a large range of open dossiers before the European elections in 2024, notably the EU AI Act. At the same time, European businesses and societies are confronted with a range of challenges, such as labour shortages and increasing threats to the protection of Critical Infrastructure and supply chains – to name only a few.

In their Joint Statement, the representatives of the European and Spanish private security industry, CoESS and APROSER, confirm their commitment to support the Spanish Presidency in its efforts to build a more future-oriented and resilient EU and make respective proposals for the way forward. These are grouped along four key messages:

- Recognising the value of private security services to European citizens and economy
- Adapt legislation to realities in a changing security landscape
- Public security empowered through qualified workers
- Enforce the provision of high-quality security services to European citizens

Important recommendations include the hosting of a private security roundtable in Brussels, principles of human-centred AI and legal certainty in the context of the future EU AI Act, and a call for a revision of the EU Public Procurement Directives.

ICS regulations, standards and directives improve cybersecurity in OT environments, though limitations prevail

Increasing instances of cybersecurity threats, geopolitical instability, and rising cyber insurance premiums call upon operational environments to strengthen and safeguard by implementing ICS regulations, standards, and directives. Weaving these measures into the organizational framework helps improve security posture, enhance resilience against cyber threats, minimize cyber risks, protect assets and operations, and safeguard public safety and national security while establishing a common baseline for cybersecurity practices.

Federal agencies around the world have recognized the importance of securing critical infrastructure systems and stepped up efforts to bolster cybersecurity measures in OT (operational technology) environments. These regulations outline specific requirements that organizations must follow regarding the management and protection of their OT assets. Compliance with these measures is mandatory and failure to comply can result in penalties or loss of licensing.

Assigning directives by regulatory bodies or industry-specific organizations also helps provide guidance on specific aspects of cybersecurity for OT environments. These measures serve as a roadmap for organizations to enhance their security posture and align their practices with industry best practices.

Standards are set by international organizations and industry consortiums to define best practices, frameworks, and technical specifications for securing OT environments. Standards such as ISO 27001, IEC 62443, IEC 63452, and NIST SP 800-82 provide organizations with a structured approach to implementing security controls, risk management, and incident response processes in OT environments. Compliance with these standards helps organizations demonstrate their commitment to cybersecurity and provides a benchmark for measuring their security posture.

Industrial Cyber contacted cybersecurity executives to assess the adequacy of existing regulations, standards, and directives in addressing Ransomware-as-a-Service (RaaS) attacks, nation-state hackers, and insider threats in OT/ICS environments. They also analyze how they contribute to building resilience and business continuity in OT environments and the critical infrastructure sector.

“CISA is at its core a partnership agency and our relationship with critical infrastructure entities is based on a voluntary collaboration and trust,” Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), told Industrial Cyber. “In certain cases, CISA supports regulatory agencies in developing outcome-oriented requirements that appropriately incentivize adoption of the most effective security controls, including with agencies like TSA, EPA, and the U.S. Coast Guard.”

He added that in all cases, regulatory requirements do not replace the foundational value of voluntary operational collaboration to support shared security outcomes between the government and the private sector.

“The relative pervasiveness of RaaS and other intrusions into critical infrastructure demonstrate that our current regimes are insufficient to ensuring that critical infrastructure owners and operators have taken the necessary steps to secure their environments,” Mark Bristow, director of MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC), told Industrial Cyber. “This is particularly frustrating in the case of RaaS where financially motivated adversaries are often looking for the ‘low hanging fruit’ with vulnerabilities that are well understood and can be mitigated but are not providing ample examples of ransomware against our CI entities. Some industries already have regulations for cybersecurity, such as the NERC CIP regulations.”

Full story at Industrial Cyber >>

CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. Based on confirmation from open-source reporting and analytical findings of Truebot variants, the four organizations assess cyber threat actors leveraged the malware through phishing campaigns containing malicious redirect hyperlinks.

Additionally, newer versions of Truebot malware allow malicious actors to gain initial access by exploiting a known vulnerability with Netwrix Auditor application (CVE-2022-31199). As recently as May 2023, cyber threat actors used this common vulnerability and exposure to deliver new Truebot malware variants and to collect and exfiltrate information against organizations in the U.S. and Canada.

CISA, FBI, MS-ISAC, and the CCCS encourage all organizations to review this joint advisory and implement the recommended mitigations contained therein—including applying patches to CVE-2022-31199, to reduce the likelihood and impact of Truebot activity, as well as other ransomware related incidents.

CISA CyberSentry Program Launches Webpage

Cybersecurity & Infrastructure Security Agency (CISA) has published a blog and webpage on the CyberSentry program, a CISA-managed threat detection and monitoring capability with critical infrastructure partners that operate significant networks supporting National Critical Functions (NCFs): cisa.gov/CyberSentry

The CyberSentry program enables our agency to proactively hunt for malicious cyber activity, advise on mitigation strategies, and provide critical infrastructure partners with recommendations for improving overall network and control system security. The new CyberSentry webpage includes an informational video about the program, a fact sheet and details on how to contact CISA CyberSentry program.

Critical infrastructure organizations are experiencing network intrusions at an increasing frequency. To enhance detection of threats, CISA operates CyberSentry, which is a voluntary, proactive program that leverages its capabilities and partners with a select number of critical infrastructure organizations.

CyberSentry technology supports sensing and monitoring for information technology (IT) and operational technology (OT) networks. CyberSentry has added significant value to both CISA’s national mission and to our partners’ enterprise cybersecurity efforts.

Recent successes include:

- Infected OT Equipment: CyberSentry discovered an infection on a partner’s Human Machine Interface (HMI) equipment that had not been properly patched and secured. CISA analysts quickly notified the partner about the issue and offered guidance on preventive techniques for the future.

- Unintentional Exposure: CyberSentry tools spotted cleartext authentication occurring on a partner’s network, and further investigation revealed that a misconfiguration had caused the issue. A detailed report was provided to the partner, including specific guidance on remediating the situation.

- Private Sector Coordination: During the Colonial Pipeline disruption, CISA analysts coordinated closely with its pipeline partners to share information and monitor for adversary activity.

- SolarWinds Response: CyberSentry data helped to quickly identify partners affected by the SolarWinds supply chain compromise. All impacted partners were notified, and the program worked closely and expediently with these partners to confirm remediation of the threat.

- Identification of Malicious Activity: On multiple occasions, CISA analysts identified possible malicious activity at partner sites and worked with affected partners to identify the root causes of activity.

- Malware Discovery: CyberSentry tools quickly discovered and identified malware in a partner’s IT network. Working with the partner, CISA analysts were able to locate the infected device so the partner could remove it from the network and verify that the threat was contained.

- Attacker Exfiltration Detected: CyberSentry discovered that an attacker was actively exfiltrating information. CyberSentry worked with the partner to identify information that had been exfiltrated. After conferring with CyberSentry analysts, the partner was able to isolate infected systems that same evening, eliminating the threat.

ENISA Report - Good Practices for Supply Chain Cybersecurity

Directive (EU) 2022/2555 (the NIS2 directive) 1 requires Member States to ensure that essential and important entities take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems, which those entities use in the provision of their services. Supply chain cybersecurity is considered an integral part of the cybersecurity risk management measures under Article 21(2) of the NIS2 directive.

This new ENISA report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organisations in the EU.

Among the findings the following points are observed:
• 86 % of the surveyed organisations implement information and communication technology / operational technology (ICT/OT) supply chain cybersecurity policies.
• 47 % allocate budget for ICT/OT supply chain cybersecurity.
• 76 % do not have dedicated roles and responsibilities for ICT/OT supply chain cybersecurity.
• 61 % require security certification from suppliers, 43% use security rating services and 37% demonstrate due diligence or risk assessments. Only 9 % of the surveyed organisations indicate that they do not evaluate their supply chain security risks in any way.
• 52 % have a rigid patching policy, in which only 0 to 20 % of their assets are not covered. On the other hand, 13.5 % have no visibility over the patching of 50 % or more of their information assets.
• 46 % patch critical vulnerabilities within less than 1 month, while another 46 % patch critical vulnerabilities within 6 months or less.

The report also gathers good practices on supply chain cybersecurity derived from European and international standards. It focuses primarily on the supply chains of ICT or OT. Good practices are provided and can be implemented by customers (such as organisations identified as essential and important entities under the NIS2 directive) or their respective suppliers and providers. The good practices cover five areas, namely:
• strategic corporate approach;
• supply chain risk management;
• supplier relationship management;
• vulnerability handling;
• quality of products and practices for suppliers and service providers.

Finally, the report concludes the following.
• There is confusion with respect to terminology around the ICT/OT supply chain.
• Organisations should establish a corporate-wide supply chain management system based on third party risk management (TRM) and covering risk assessment, supplier relationship management, vulnerability management and quality of products.
• Good practices should cover all various entities which play a role in the supply chain of ICT/OT products and services, from production to consumption.
• Not all sectors demonstrate the same capabilities concerning ICT/OT supply chain management.
• The interplay between the NIS2 directive and the proposal for a cyber resilience act or other legislation, sectorial or not, which provides cybersecurity requirements for products and services, should be further examined.

1 2 3 30