emergency responseEmergency Response
CONTACT

Home | CISA & Partners Issue ‘Actions for Critical Infrastructure Leaders’ Fact Sheet Amid Growing Volt Typhoon Threat

CISA & Partners Issue ‘Actions for Critical Infrastructure Leaders’ Fact Sheet Amid Growing Volt Typhoon Threat

March 20, 2024 | By / Par : Virtual Guardian
Share: linked intwitter

CISA—along with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other U.S. government and international partners—released a major advisory on Feb. 7, 2024 warning cybersecurity defenders of the urgent risk posed by People’s Republic of China (PRC) state-sponsored cyber actors known as “Volt Typhoon.” 

In this warning about critical business risk for every organization in the U.S. and allied countries, the authors asserted that Volt Typhoon has been pre-positioning themselves on U.S. critical infrastructure organizations’ networks to enable disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies.

As the threat continues to grow, more recently on March 19, 2024, CISA and partners released a supporting fact sheet to provide leaders of critical infrastructure entities with guidance to help prioritize the protection of critical infrastructure and functions, urging leaders to recognize cyber risk as a core business risk, deeming it both necessary for good governance and fundamental to national security.

In summary, the fact sheet emphasizes the importance of using intelligence-informed prioritization tools, effectively applying detection, and hardening best practices, investing in cybersecurity training and skill development, and developing comprehensive security plans that include activities like conducting regular tabletop exercises.

Additionally, the fact sheet details suggestions for securing n organization’s supply chain, which includes increased vendor risk management and greater attention to selecting vendors who deliver secure and resilient systems that include design practices with an eye toward security.

Vendor scrutiny is only one aspect of driving a cybersecurity culture within organizations. The fact sheet provides the following bullet points for creating such a culture:

  • “Encouraging collaboration between IT, OT, cloud, cybersecurity, supply chain, and business units to align security measures with business objectives and risk management strategies.
  • Championing organizational cybersecurity risk assessments and audits to identify vulnerabilities and gaps in the security posture.
  • Engaging with external cybersecurity experts and advisors for independent assessments and guidance tailored to your organization and performing GAP analysis on findings.
  • Increasing awareness of social engineering tactics and facilitating a culture which encourages incident reporting.”

The fact sheet concludes with tips for Incident Response and additional information and resources.

Virtual Guardian highly recommends your organization review the “PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders” fact sheet in its entirety at cisa.gov:

https://www.cisa.gov/resources-tools/resources/prc-state-sponsored-cyber-activity-actions-critical-infrastructure-leaders

Be a Contributor

Become a Guest Blogger with Virtual Guardian!

Do you have an idea for our next blog or want to suggest a hot topic for Behind the Shield? Tell us what you want to know!

rss feed icon

Latest Government News

Can’t focus on the many threats to your business?

Let our 24/7 SOC, powered by IBM Security’s QRadar, safeguard your organization.