The Cybersecurity and Infrastructure Security Agency (CISA) has released updated guidelines highlighting the persistent threat faced by the United States’ critical infrastructure from nation-state cyber actors. These threats extend beyond mere espionage, posing significant risks to operational technology (OT).
Nation-State Threats to Infrastructure
CISA’s warnings emphasize that adversaries have infiltrated crucial systems and telecommunications networks, positioning themselves to disrupt OT operations pivotal to American society in the event of geopolitical conflict.
In response, CISA has introduced the CI Fortify initiative, which aims to help providers of services essential to public health, national defense, and the economy keep functioning during cyberattacks.
Key Strategies: Isolation and Recovery
The CI Fortify program operates on the assumption that during conflicts, internet access and third-party services might become unreliable, while adversaries maintain access to OT networks. Two primary capabilities are stressed for immediate implementation: isolation and recovery.
Isolation means disconnecting critical systems from external networks to contain a cyberattack while sustaining essential services without a complete shutdown. Recovery, on the other hand, covers restoring systems if isolation fails, which depends on keeping backups current and practising restoration regularly.
Expert Insights and Recommendations
CISA Acting Director Nick Andersen urges operators to adopt these guidelines and collaborate with the agency to strengthen defenses. Industry experts, like Xage Security CEO Duncan Greatwood, highlight the necessity of controlling internal environments and maintaining operations even in degraded states.
Greatwood points out that threats can exploit trusted connections and third-party vulnerabilities, suggesting that isolation alone is insufficient. Instead, a focus on segmentation and operational continuity is essential for effective response.
The CI Fortify initiative represents a proactive approach to safeguarding critical infrastructure against evolving cyber threats and geopolitical tensions, ensuring resilience in the face of potential disruptions.
