
The US CISA has issued a new report outlining baseline cybersecurity performance goals for all critical infrastructure sectors.
The document is the result of a July 2021 security memorandum signed by President Biden. It has tasked CISA and the NIST with creating fundamental cybersecurity practices for critical infrastructure, mainly to help small- and medium-sized enterprises improve their cybersecurity efforts.
The goals have been established based on existing cybersecurity frameworks and guidance. They also rely on real-world threats and adversary TTPs observed by CISA and its partners. The plan to update these goals every six to 12 months.
As technologies evolve, the risks, TTPs and scope will naturally change. This, coupled with the evolution of Industrial Revolution 4.0, will morph the recommendations and outcomes as appropriate.
The executive added that CISA’s plans to draft sector-specific goals with regulatory agencies may become challenging to maintain over time without close involvement with industry vertical operators.
The CISA report comes months after researchers discovered more than 8000 exposed Virtual Network Computing (VNC) instances that could lead to remote compromise attacks against critical infrastructure organizations.