CISA urges critical infrastructure to plan for prolonged service delivery during emergencies

The Cybersecurity and Infrastructure Security Agency (CISA) is advising owners and operators of critical infrastructure to develop plans for delivering essential services under emergency conditions, potentially for extended periods of months, based on information published by Cyberscoop.

CISA is warning that state-sponsored hackers, specifically Chinese groups known as Salt Typhoon and Volt Typhoon, pose a continuous threat to vital sectors such as electricity, water, and internet services. The agency is collaborating with the private sector to fortify operational technology (OT) – the systems controlling critical infrastructure machinery – against attacks that infiltrate through business IT systems or third-party vendors. The initiative, CI Fortify, involves CISA conducting technical assessments to help entities create plans for safe operations for weeks to months while isolated from IT networks and external tools. Acting director Nick Andersen emphasized the goal of maintaining service delivery even after disconnection from IT, OT, and third-party connections.

This effort comes in the wake of numerous kinetic and cyberattacks targeting critical infrastructure globally. CISA has begun piloting these assessments with organizations supporting national security, public health, and economic continuity, with plans to expand the program. The strategy includes isolation, where external network connections to OT are severed during emergencies, and recovery, which focuses on best practices like backups and manual operational procedures. Cybersecurity specialists widely believe that other nations may also be exploiting similar vulnerabilities in U.S. critical infrastructure, despite ongoing efforts by agencies like the FBI and FCC to address threats from Chinese hacking groups.

Source: Cyberscoop