The Cybersecurity and Infrastructure Security Agency is calling on network defenders to review the analysis of the risk and vulnerability assessments it and the U.S. Coast Guard conducted through fiscal year 2023.
CISA said Friday that the recently released analysis and an accompanying infographic discuss the details of and findings from the 143 RVAs performed across multiple critical infrastructure, or CI, sectors.
The RVAs were carried out to assess the network capabilities and defenses of an organization against known threats, with the ultimate aim of formulating strategies to bolster cybersecurity.
CISA performed RVAs on select state, local, tribal, and territorial, or SLTT, organizations; the federal civilian executive branch; and private and public sector CI operators. For its part, the Coast Guard performed RVAs on maritime CI operated by private sector organizations as well as SLTTs.
Based on the analysis, the most successful attacks conducted by the RVA assessors involved the use of common methods, tools and techniques. The assessors also exploited common system vulnerabilities seen among many CI sector organizations.
To counter such threats, the analysis offered several recommendations, including the implementation of enhanced protection mechanisms in addition to strong credential policies.
“CISA encourages system owners and administrators to share this guidance with leadership and apply relevant changes tailored to their specific environments,” the document said, adding, “Analysis of this nature can effectively prioritize the identification and mitigation of high-level vulnerabilities across multiple sectors and entities.”