CISA’s Shields Up Expansion, Shields Ready, Spotlights Resilience

The campaign builds on the agency’s cyber defense awareness initiative with tools, resources and guidance for mitigating incidents.

LISTEN

Your browser doesn’t support HTML5 audio

The Cybersecurity and Infrastructure Security Agency has expanded its Shields Up initiative with the launch of the Shields Ready campaign to improve situational cyber resilience governmentwide.

Shields Ready complements Shields Up by enabling both the public and private sectors with tools, resources, policies and guidelines for mitigating cybersecurity incidents when they happen.

While the Shields Up initiative highlighted the correct course of action for ransomware response during an attack — including detection, containment and eradication — the Shields Ready campaign focuses on being proactive. It provides roadmaps and evidence-supported planning for strategic cyber resilience in enterprises, and it aligns with the Federal Emergency Management Agency’s Ready campaign for natural disaster preparedness.

The Shields Ready campaign, which began in November, comes as government increases its regulatory focus on and guidance of organizations’ incident response capabilities. That includes CISA’s draft Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) requirements and the National Institute of Standards and Technology’s draft security incident handling guidance.

Click the banner below to begin developing a comprehensive cyber resilience strategy.

 

“Shields Ready is about driving resilience and security concepts into infrastructure maintenance and rebuilding,” says David Mussington, executive assistant director for infrastructure security at CISA. “It’s also about identifying cost-effective risk and risk mitigation solutions.”

What Is Shields Ready? How Does It Expand on Shields Up?

Considering climate change and geostrategic competition with nations such as Russia, China, North Korea and other threat actors, a blueprint for improved resilience helps to move the cybersecurity conversation in a more focused direction.

“The way to do that is to confront the list of risks and threats up front, prioritize them and put in place mitigations for the various vectors or challenges,” Mussington says.

National resilience — the ability of the U.S. to prepare for and adapt to changing conditions — means prioritizing the resilience and recoverability of critical infrastructure through outreach, information sharing and other best practices, he says.

“We’re talking about resilience across environmental, physical and digital risks to critical infrastructure,” Mussington says. “There is not one single source of critical infrastructure disruption or weakness.”

The Shields Ready campaign aims to guide organizations on how to identify and prepare for potential cyberthreats, ensuring that they have business continuity operations in place.

Shields Up focused on raising cyberdefense awareness and prevention, much like preventive healthcare.

“The Shields Ready campaign emphasizes resilience and preparedness for when an attack occurs,” says Alice Fakir, federal cybersecurity services partner at IBM. “If something happens to you, how do you remediate? How do you mitigate the risk?”

With Shields Ready Come Cyber Resilience Strategies

Like Mussington, Fakir highlights the geopolitical risks influencing CISA’s push, including those to upcoming elections.

Shields Ready appears more suggestive than mandatory and is just one avenue CISA is pursuing in fortifying the cyberinfrastructure policy of the U.S.

“Over the past few years, CISA has tackled cybersecurity challenges, either through resourceful initiatives or by specifying rules for enterprises to follow,” says Tom Kennedy, vice president of Axonius Federal Systems.

For example, CISA’s draft CIRCIA requirements mandate a cyber incident and ransomware payment reporting structure for covered entities.

Without a robust cyber resilience strategy, cybersecurity measures can only go so far.”
Marcus Fowler

CEO, Darktrace Federal

Shields Ready is designed to encourage critical infrastructure organizations to shift their cyber practices from reactive to proactive to ensure recovery regardless of an incident’s severity.

“Without a robust cyber resilience strategy, cybersecurity measures can only go so far,” Darktrace Federal CEO Marcus Fowler says.

Such strategies require full IT ecosystem visibility to identify any internal and external vulnerabilities and policy gaps before a cyberattack. Strategies also need to account for the proper response technology, breaking down silos in the event that an incident investigation is necessary, and freeing up security teams from time-consuming alerts and triage.

RELATED: Network modernization begins with an infrastructure assessment.

Identifying Critical Assets and Mapping Dependencies

Shields Ready encourages agencies to audit their IT infrastructure and existing dependencies.

“Once you know the infrastructure dependencies and your assets, you can begin to understand their vulnerabilities — allowing you to assess risk,” says Steve Vetter, senior global government strategist for Cisco.

Because of the diversity of devices and bespoke protocols often used in industrial control systems, many critical infrastructure organizations struggle to maintain an accurate and up-to-date catalog of their assets.

“It is crucial that organizations have visibility into all their assets, not just those identified as critical,” Fowler says. “You cannot protect what you cannot see.”

Adversaries now widely use multistage and multidomain attacks, taking advantage of silos and the lack of visibility to move undetected between systems.

Identifying high-value assets, as the government calls them, begins with pulling all available data, but teams must be able to recognize which data matters most.

READ MORE: Develop a clear picture of your security landscape with zero trust.

“One of the greatest challenges security teams face is managing the deluge of data from their tech stack. Making sure that data is being regularly updated and filtered into a single source of truth is critical so that teams can see how all of their assets work together,” Kennedy says.

Teams should also understand the high-value assets that matter most to their business operations, thereby forming a map of assets and dependencies.

“Thinking of this like a puzzle, the data derived from every device and endpoint you have is then put together to form the full picture of your attack surface,” Kennedy says.

That attack surface constantly evolves, with more endpoints and assets added almost daily.

“A plan you created a week ago may not even be applicable now if things shift in your organization,” Kennedy says. “For your organization’s survival alone, you’ll want to regularly update your plans.”

UP NEXT: CISA’s “greenfield” solution is a model for IT modernization in the zero-trust era.

More On Business Continuity, Continuity of Operations, Endpoint Security, Threat Prevention,