At a glance.
- CISA releases cross-sector cybersecurity performance goals.
- Trojans being spread through scanners.
- Cyber seed rounds an exception to a general downtrend in venture investment.
- Cyberattacks seen as opportunistic and disconnected from strategy.
CISA releases cross-sector cybersecurity performance goals.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued voluntary cybersecurity performance goals. CISA explains, "The CPGs [Cybersecurity Performance Goals] are a prioritized subset of IT and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. The goals were informed by existing cybersecurity frameworks and guidance," especially those developed by the National Institute of Standards and Technology (NIST), "as well as the real-world threats and adversary tactics, techniques, and procedures (TTPs) observed by CISA and its government and industry partners. By implementing these goals, owners and operators will not only reduce risks to critical infrastructure operations, but also to the American people."
Described as voluntary and not comprehensive, the goals were formulated to be:
- "A baseline set of cybersecurity practices broadly applicable across critical infrastructure with known risk-reduction value.
- "A benchmark for critical infrastructure operators to measure and improve their cybersecurity maturity.
- "A combination of recommended practices for IT and OT owners, including a prioritized set of security practices.
- "Unique from other control frameworks as they consider not only the practices that address risk to individual entities, but also the aggregate risk to the nation."