CISA’s recently launched Shields Ready campaign complements the Shields Up! campaign which we have featured many times here at OODA Loop – specifically on long holiday weekends, when cyber attacks are known to increase. Explore the CISA Shields Ready campaign here.
CISA’s Shields Ready campaign is about making resilience during incidents a reality by taking action before incidents occur. As a companion to CISA’s Shields Up initiative, Shields Ready drives action at the intersection of critical infrastructure resilience and national preparedness. This campaign is designed to help all critical infrastructure stakeholders to take action to enhance security and resilience—from industry and businesses to government entities at all levels, and even individuals by providing recommendations, products, and resources to increase individual and collective resilience for different risk contexts and conditions. By taking steps in advance of an incident, organizations, individuals, and communities are better positioned to quickly adjust their posture for heightened risk conditions, in turn helping to prevent incidents, to reduce impact, and get things back to normal—or better—as quickly as possible. Being part of the resilience journey makes for more resilient people, organizations, and communities.
Key Steps to Building Resilience
- Identify Critical Assets and Map Dependencies: Determine the systems that are critical for ongoing business operations and map out their key dependencies on technology, vendors, and supply chains.
- Assess Risks: Consider the full range of threats that could disrupt these critical systems and the specific impacts such threats could pose to continuity of operations.
- Plan and Exercise: Develop incident response and recovery plans to reduce the impact of these threats to critical systems and conduct regular exercises under realistic conditions to ensure the ability to rapidly restore operations with minimal downtime.
- Adapt and Improve: Periodically evaluate and update response and recovery plans based on the results of exercises real-world incidents and an ongoing assessment of the threat environment.
Adapting to Changing Risk Conditions
The threats and hazards facing America’s critical infrastructure are changing, through more frequent, severe natural disasters; relentless criminal and foreign sponsored cyberattacks; continued threats of terrorism and targeted violence; pandemics and changing migration and labor patterns; and growing international competition and potential conflict. The interconnectivity of critical infrastructure also creates risks because a disruption in one place can ripple near and far. We can and must be more resilient to the range of changing risk conditions that threaten critical infrastructure and the communities, and nation, it supports.
To “take advantage of the free resources available to strengthen and improve the resilience of critical infrastructure systems and services, go to this link.
FEMA’s Ready Campaign
Shields Ready partners with Ready, FEMA’s national public service campaigned designed to educate and empower people to prepare to prepare for, respond to and mitigate emergencies and disasters.
To visit FEMA’s Ready Campaign, go to this link.
Additional OODA Loop Resources
For OODA Loop links to the CISA Shields Up! resources, go to OODA Loop | Shields Up!
Corporate Board Accountability for Cyber Risks: With a combination of market forces, regulatory changes, and strategic shifts, corporate boards and their directors are now accountable for cyber risks in their firms. See: Corporate Directors and Risk
Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has made regional issues affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat
Ransomware’s Rapid Evolution: Ransomware technology and its associated criminal business models have seen significant advancements. This has culminated in a heightened threat level, resembling a pandemic in its reach and impact. Yet, there are strategies available for threat mitigation. See: Ransomware, and update.
Challenges in Cyber “Net Assessment”: While leaders have long tried to gauge both cyber risk and security, actionable metrics remain elusive. Current metrics mainly determine if a system can be compromised, without guaranteeing its invulnerability. It’s imperative not just to develop action plans against risks but to contextualize the state of cybersecurity concerning cyber threats. Despite its importance, achieving a reliable net assessment is increasingly challenging due to the pervasive nature of modern technology. See: Cyber Threat
Recommendations for Action
Proactive Mitigation of Cyber Threats: The relentless nature of cyber adversaries, whether they are criminals or nation-states, necessitates proactive measures. It’s crucial to remember that cybersecurity isn’t solely the responsibility of the IT department or the CISO – it’s a collective effort that involves the entire leadership. Relying solely on governmental actions isn’t advised given its inconsistent approach towards aiding industries in risk reduction. See: Cyber Defenses
The Necessity of Continuous Vigilance in Cybersecurity: The consistent warnings from the FBI and CISA concerning cybersecurity signal potential large-scale threats. Cybersecurity demands 24/7 attention, even on holidays. Ensuring team endurance and preventing burnout by allocating rest periods are imperative. See: Continuous Vigilance