Critical Infrastructure Organizations Should Bolster Their Cyber Defenses

On March 21, President Biden released a statement on the importance of continued vigilance in protecting US critical infrastructure, stressing the need for strong cybersecurity controls. This statement follows the Russian invasion of Ukraine, US-led sanctions, and new reporting requirements for critical infrastructure companies, which include broadband providers. The new requirements are contained in the Strengthening American Cybersecurity Act, which requires critical infrastructure companies to report certain computer security incidents to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of discovery, and even faster, within 24 hours, if a ransomware payment is made.

The statement and associated fact sheet advise that critical infrastructure companies should immediately take the following steps to harden their defenses:

  1. Implement multi-factor authentication (MFA) for remote access and on all exposed systems to prevent unauthorized access (note that a username and password alone are not sufficient protection).
  2. Ensure data is backed up and encrypted. Additionally, backups should be tested for recovery and separated from the rest of the network to guard against ransomware.
  3. Develop an incident response plan that includes reporting guidelines and covers these four phases from the NIST Computer Security Incident Handling Guide:
    a. Preparation;
    b. Detection and analysis;
    c. Containment, eradication, and recovery; and
    d. Post-incident activity.
  4. Train and test employees on a variety of security awareness topics, and ensure they take part in business continuity and incident response exercises so they are prepared when an incident occurs.
  5. Assess systems and processes using modern tools and mitigate discovered vulnerabilities via patching or system hardening.
  6. Implement network monitoring and logging to detect attacks and prevent a major incident from occurring.
