Connect with us

Hi, what are you looking for?

Cyber Security

CISA Launches Ransomware Warning Pilot for Critical Infrastructure

The new pilot program will enable “timely risk reduction” by alerting critical infrastructure owners and operators of vulnerabilities within their systems that are susceptible to ransomware attacks.

The Cybersecurity and Infrastructure Security Agency publicly announced on Monday that it has established a pilot program to identify vulnerabilities within critical infrastructure systems that are known to be exploited by ransomware groups and threat actors. 

According to CISA, the ransomware vulnerability warning pilot—or RVWP—will “identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies and authorities, including our free Cyber Hygiene Vulnerability Scanning service.”

The RVWP first began on Jan. 30, when CISA contacted 93 organizations “identified as running instances of Microsoft Exchange Service with a vulnerability called ‘ProxyNotShell,’ which has been widely exploited by ransomware actors.”

“This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations,” CISA said. 

The pilot program was created in response to the Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA, a 2022 law that required CISA “to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments” to the agency. CISA said the RVWP would be “coordinated by and aligned with the Joint Ransomware Task Force,” an interagency body that was also established by CIRCIA. 

“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, said in a statement. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”

The Biden administration’s outlined cyber priorities have been geared, in part, toward mitigating the threat posed by ransomware to critical services across the country—attacks that, as Goldstein noted, have indiscriminately targeted individuals, organizations, pipelines and schools. 

The White House’s national cybersecurity strategy, released on March 1, called ransomware “a threat to national security, public safety and economic prosperity,” and outlined steps for the federal government to take—including “bolstering critical infrastructure resilience to withstand ransomware attacks”—to better deter cybercriminals. 

President Joe Biden’s fiscal year 2024 federal budget request, released last week, also proposed $3.1 billion in funding for CISA next year—a $145 million increase to the agency’s current budget. The budget document noted that “this includes $98 million to implement the Cyber Incident Reporting for Critical Infrastructure Act.”

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.nextgov.com/cybersecurity/2023/03/cisa-launches-ransomware-warning-pilot-critical-infrastructure/383963/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

How a cornerstone cybersecurity program has evolved from information collection to active defense. The Cybersecurity and Infrastructure Security Agency has used its Continuous Diagnostics...

Cyber Security

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors. Cybersecurity experts say critical infrastructure operators can leverage a set...

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Cyber Security

The United States is facing an unsustainable demand for water and lacks the security posture to defend the nation’s water systems from emerging threats,...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO