US launches “Shields Ready” campaign to secure critical infrastructure

The US Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Emergency Management Agency (FEMA) have announced the launch of the “Shields Ready” campaign to promote critical national infrastructure (CNI) security and resilience. Shields Ready focuses on broad, strategic strategies for preparing critical infrastructure organizations for potential disruption and building more resilience into systems, facilities, and processes. It complements CISA’s “Shields Up” campaign, which encourages critical infrastructure stakeholders to take specific, time-sensitive actions that reduce risk in response to specific threat intelligence during cyberattacks, physical security threats, or natural disasters in response to specific threat intelligence.

In May, research from cybersecurity services firm Bridewell revealed a surge in insider threats across US CNI as attackers exploit human factors. The research indicated that economic pressures and remote working could be increasing CNI insider threats while nation-state actors and ransomware attacks continue to pose significant risks.

Shields UP campaign outlines four key steps to CNI security and resilience

The Shields Ready initiative urges CNI providers to build more resilience into systems, facilities, and processes by taking action before a crisis or incident even occurs. It includes four key messages advising CNI organizations to:

• Identify their most critical systems and assets for their operations and understand their potential dependencies on other infrastructure systems that enable the continuity of their own operations.
• Consider the full range of threats and hazards that could disrupt infrastructure operations and evaluate specific vulnerabilities and consequences the threats and hazards could pose.
• Develop both a strategic risk management plan to reduce the risks and vulnerabilities identified as well as actionable incident response and recovery plans to help withstand disruptions and rapidly restore operations within minimal downtime.
• Exercise incident response and recovery plans under realistic conditions and periodically evaluate and update strategic plans.

“Tools and resources” for US critical infrastructure to respond to, recover from threats

US critical infrastructure entities – from schools to hospitals to water facilities – must have the tools and resources to respond to and recover from disruption, said Jen Easterly, CISA director. “By taking steps today to prepare for incidents, critical infrastructure, communities and individuals can be better prepared to recover from the impact of the threats of tomorrow and into the future.”

The Shields Ready campaign, spearheaded by CISA and supported by FEMA, will ensure that US critical infrastructure is better equipped and more resilient against all threats and hazards, ranging from cyberattacks to natural disasters, added Alejandro N. Mayorkas, secretary of Homeland Security. “By working with our partners and providing them with the tools they need for more effective risk management and incident response, DHS is building on its critical safety and security mission and meeting the challenges of today and tomorrow.”