Launch of CyberSentry Program’s Webpage

The critical infrastructure of the United States is under constant threat from cybercriminals. This fact has been underscored by the Office of the Director of National Intelligence’s 2023 Threat Assessment, which highlights the potential capabilities of countries like China and Russia to disrupt critical infrastructure services within the United States via cyber-attacks.

In response to this escalating threat landscape, a dual-pronged strategy of defense is being adopted. This strategy emphasizes the implementation of robust cybersecurity measures and the enhancement of visibility into cyber threats targeting critical infrastructure.

The focus today is on the latter aspect of this strategy.

At present, visibility into these threats is partially achieved through collaborations with critical infrastructure organizations and cybersecurity companies. These partnerships are instrumental in strengthening the nation’s cybersecurity defenses.

However, for some of the nation’s most critical entities, there is a need for more comprehensive measures. This is where the CyberSentry Program comes into the picture.

The mission of the CyberSentry Program can be summarized as follows. Through unique industry partnerships, the program provides commercial detection capabilities that offer three key benefits:

  1. It enables the operational use of sensitive information before it’s widely disseminated to the cybersecurity community.
  2. It allows analysts to correlate threat activity targeting multiple critical infrastructure entities and understand evolving campaigns.
  3. It provides participating entities with access to their own CyberSentry dashboard, integrating it into the partner’s cyber operations.

The CyberSentry Program operates under an agreement between CISA and voluntarily participating critical infrastructure partners. It supports sensing and monitoring for both information technology (IT) and operational technology (OT) networks, adding significant value to the national mission and the enterprise cybersecurity efforts of partners.

The CyberSentry Program has already achieved several successes, including:

  • Detection of an infection on a partner’s Human Machine Interface (HMI) equipment that hadn’t been properly patched and secured.
  • Identification of cleartext authentication occurring on a partner’s network due to a misconfiguration.
  • Coordination with pipeline partners during the Colonial Pipeline disruption to share information and monitor adversary activity.
  • Quick identification of partners affected by the SolarWinds supply chain compromise using CyberSentry data.
  • Discovery and identification of malware in a partner’s IT network.
  • Detection of an attacker actively exfiltrating information.

As cyber threats continue to evolve and nation-state actors aggressively target National Critical Functions, the capabilities and critical partnerships of the CyberSentry Program directly enhance the goal of a stronger collective defense for the nation.

The program is looking to partner with additional critical infrastructure organizations that operate systems supporting National Critical Functions – functions so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on the nation.

For more information, visit the newly launched CyberSentry webpage.

Source: CISA