The US government’s Cybersecurity and Infrastructure Security Agency (CISA) is expanding its managed cybersecurity services to critical infrastructure entities in a bid to further safeguard key platforms.
The organization said its security project had proved a significant success so far, and that expanding it will not only help stress-test its capabilities but also take the load off security teams struggling to keep up with ever-intensifying attacks.
In a press release, CISA said it had started deploying its Protective Domain Name System (DNS) Resolver to pilot participants. Before that, the program was only available to federal civilian agencies.
Target Rich, Resource Poor
“It is a proven, cost-effective solution that uses U.S. government and commercial threat intelligence to prevent systems from connecting to known or suspected malicious domains,” CISA explains. “Since 2022, CISA’s Protective DNS service has successfully blocked nearly 700 million connection attempts from federal agencies to malicious domains across the globe and continues to reduce the risk of the most common cyber risks like ransomware, phishing and malicious redirects.”
Now, CISA will expand its offering to “Target Rich, Resource Poor” critical infrastructure entities which will not only help these organizations, but also stress-test CISA’s service delivery mechanisms, demonstrating its ability to acquire, deploy, and operate cybersecurity services at scale. Furthermore, CISA expects the offering to result in greater insight into the evolving threat environment, as well as the establishment of a “common baseline of cyber protection”. Finally, reduced frequency and impact of cyberattacks is expected, too.
Organizations being brought into the fold operate in the healthcare, water, and K-12 education sectors. “This year, we plan to deliver services to up to 100 entities,” CISA concluded.
The project also includes hosting roundtables and information sessions with critical infrastructure firms in every region and across all sectors. The goal is to understand each individual firm’s needs and challenges, and to identify gaps in existing capabilities. “The insights obtained through these discussions and as a result of the Protective DNS pilot will inform our effort to better serve our nation’s critical infrastructure organizations,” the organization concluded.
Via The Record