DHS Releases Cross-Sector Cybersecurity Performance Goals

Updated on 2022-10-27: DHS Releases Cross-Sector Cybersecurity Performance Goals

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released cybersecurity performance goals and metrics designed to help entities in multiple industrial sectors improve their cybersecurity posture. While the goals were developed with critical infrastructure organizations in mind, other private sector companies could benefit from them as well. The documents include best practices for eight areas, including account security, device security, vulnerability management, and supply chain/third party security. CISA has set up a discussion page to receive feedback on the goals.

Note

  • Improving cybersecurity of critical infrastructure is a national priority. Current fragmented efforts by each industry sector point to the need for a common and prioritized set of safeguards to achieve a baseline cybersecurity posture. The CIS Critical Security Controls, starting with implementation group 1, are measurably effective against the top five attack types being used against every industry sector.
  • The Cybersecurity Performance Goals (CPGs) are intended to be a fast-start guide to implementing the larger NIST CSF and are intended to be broadly applicable. CISA and NIST would like to see all organizations leverage the CSF, which is intended to not only be cross-sector and cross-industry relevant, but also maps to multiple security frameworks (NIST, ISO, etc.). NIST is setting up a discussions website, leveraging GitHub discussions, for feedback on the CPGs. See the NIST cross-sector CPG site: https://www.cisa.gov/cpg for the goals as well as links to the discussion site.
  • Whether or not an enterprise is a “critical infrastructure organization,” if it attaches to the public networks, it becomes a part of our collective infrastructure and should behave accordingly.

Overview: CISA’s Critical Infrastructure Cybersecurity Sector Focus for 2023: Water, Hospitals, K-12

Speaking to an audience at the Mandiant mWISE cybersecurity conference last week, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said that her agency will concentrate on the water, health, and education sectors over the next year, three areas of focus that are identified as being “target-rich, resource-poor entities.” In 2020, CISA identified 16 critical infrastructure sectors that need cybersecurity attention. The education sector is not included in that list, but it is a broad target and often hit with ransomware attacks. Easterly also said that CISA plans to publish cross-sector cybersecurity performance goals, developed with the National Institute of Standards and Technology (NIST), next week.

Note

  • This continues the focus on critical infrastructure, as promised. This also focuses on the model that these critical sector components are tight on resources and funding, which hopefully will either result in low-cost guidance and/or funded services to help raise the bar without creating a regulatory impossible dream. If nothing else, guidance can be leveraged to help self-assessments to a risk-based approach to making (affordable) improvements.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.