CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

CISA Unveils Upcoming Cybersecurity Strategic Plan

The Cybersecurity & Infrastructure Security Agency (CISA) has released its 2024-2026 Cybersecurity Strategic Plan, which the agency says will change the trajectory of our national cybersecurity risk by focusing not just on how to defend but developing metrics to measure progress.

 

The plan is centered on three goals that go beyond simple expectations and instead spell out specific measures of effectiveness, primarily that the cybersecurity work undertaken is in fact, making the country more secure.

 

“We will measure improvements in our time-to-detect adversary activity; in the time-to-fix Known Exploited Vulnerabilities; in adoption of our Cybersecurity Performance Goals; in the number of government entities using the secure DOTGOV domain, to name only a few – in fact, we have nearly 30 measures of effectiveness throughout the Strategic Plan,” said Eric Goldstein, Executive Assistant Director for Cybersecurity. “Many of these measures are hard, both to measure and to achieve. But we must show value to our stakeholders and show impact to every American if we are to achieve the more secure future we collectively seek.”

 

The 36-page plan does not specifically list the metrics CISA will use to measure the success of each goal, but in most cases simply broadly notes the areas for which it will develop measurements.

 

Here is a top-down view of what CISA has planned.

 

Goal 1: Address Immediate Threats

CISA will make it increasingly difficult for adversaries to achieve their goals by targeting American and allied networks. The agency pledges to work with partners to gain visibility into the breadth of intrusions targeting our country, enable the disruption of threat actor campaigns, ensure that adversaries are rapidly evicted when intrusions occur, and accelerate mitigation of exploitable conditions that adversaries recurringly exploit.

 

The document notes the cybersecurity community in general, CISA included, lacks visibility of necessary breadth and depth into cybersecurity threats and adversary campaigns, a situation that must be changed.

 

“We will achieve this visibility by all available means: through our own sensors and capabilities; by leveraging commercial and public data sources, and by partnering with the private sector, government agencies, and international allies,” CISA states.

 

CISA will measure success by building a coalition that leverages all available capabilities — federal and those of our partners.

 

One issue CISA will prioritize is pre-existing vulnerabilities and security weaknesses in critical infrastructure and government networks. Long-term this task will be accomplished by insisting security be baked in during product development.

 

To have an immediate impact, the agency will take steps to reduce the prevalence of exploitable vulnerabilities by providing authoritative instruction on prioritized mitigations, hunting for exploitable vulnerabilities in domestic networks, and using all possible levers to widely publicize and drive remediation.

 

By doing so, CISA believes it will gain a persistent understanding of vulnerabilities across the nation’s critical infrastructure and government networks to enable more timely remediation before intrusions occur.

 

CISA will measure the effectiveness of these actions by the reduction in the time-to-remediate known exploited vulnerabilities across critical infrastructure and government networks, an increase in the percentage of recommendations from CISA’s vulnerability and risk assessments adopted by assessed organizations, and the reduction in the number of vulnerabilities disclosed without appropriate coordination or provision of necessary mitigations.

 

CISA also recognizes that no single organization can effectively manage, understand, and address the breadth of cyber incidents and threats facing our country. Using the Joint Cyber Defense Collaborative and its expanding regional teams, CISA will serve as an integrator and force multiplier, bringing together government, private sector, and international partners to measurably reduce cyber risk.

 

The success of this endeavor will be judged by an increase in the volume of unique, timely, and relevant information shared by industry or government partners through CISA’s collaboration channels, an increase in specific actions codified in cyber defense plans adopted by industry and government partners, and an increase in post-incident after-action reports demonstrating that actions developed in cyber defense plans reduced negative outcomes.

 

Goad 2: Hardening the Terrain

CISA will take on the role of cybersecurity mentor, enabling organizations to get the most out of their finite security budget by informing, guiding, and driving the adoption of the most impactful cybersecurity measures by first understanding how attacks occur — not just the initial access, but how the attacker exploited a web of unsafe technology products and inadequate security controls to achieve their objective. 

 

CISA will base this guidance on its visibility into federal civilian executive branch systems, its partners’ visibility into critical infrastructure systems, insights from the research community, and incident reporting. Such reporting is voluntary today and supplemented by mandatory reporting under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in future years.

 

CISA’s goal is to increase the percentage of recommendations in its guidance and directives directly based on specific data showing how adversaries successfully execute intrusions and the most effective mitigations to stop attacks.

 

In addition to mentoring security activities, CISA will provide accurate, actionable, and achievable guidance to help organizations prioritize investment in controls and mitigations that address how attacks actually occur and how adversaries are evolving. For federal civilian executive branch agencies, we will fully exercise our directive authorities to drive toward a common security baseline and execute agency improvement plans to address tailored gaps.

 

The third leg of this goal has CISA providing cybersecurity capabilities and services that fill gaps and help measure progress for federal agencies and for highly targeted but resource-poor organizations, where limited resources and sustained adversary interest provide a compelling justification for government assistance to the degree our authorities allow.

 

Goal 3: Drive Security at Scale

The final goal focuses on ensuring products are safe from cyberattacks before being released to the public and private sectors. CISA will concentrate on defining exactly what it means for a technology product to be safe and secure, collaboratively developing guidance and technical criteria to help customers choose safe products and manufacturers to deliver accordingly.

 

Recognizing that technology manufacturers will need to prioritize areas for improvement, we will take a data-driven approach to identify those practices that drive down the most risk and address entire classes of attacks, such as using memory-safe coding languages.

 

Some of the yardsticks used to measure success here are:

  • To see an increase in the number of technology providers that have published detailed threat models, describing what the creators are trying to protect and from whom.
  • A measurable increase in the number of technology providers that have regularly and publicly attested to the implementation of specific controls in the Secure Software Development Framework (SSDF).
  • Boosting the number of technology providers that have published a commitment to ensure that product CVE entries are correct and complete.

 

“Through the implementation of this strategy, we will first focus our efforts and energy to ensure our core cybersecurity functions are executed to the greatest effect. We must get the fundamentals right,” CISA concluded. “We will optimize our cyber defense operations to identify, prevent, and address acute threats and vulnerabilities, and mitigate incidents more quickly. We will provide innovative shared services to directly address risks as well as actionable and practical guidance that helps defenders prioritize investments to address the most likely and impactful threats.”

 

CISA-Plan-GovermentLinkhttps://www.trustwave.com/en-us/capabilities/by-industry/government/

 

Latest Trustwave Blogs

Unlocking the Power of Offensive Security: Trustwave's Proactive Approach to Cyber Defense

Clients often conflate Offensive Security with penetration testing, yet they serve distinct purposes within cybersecurity. Offensive Security is a broad term encompassing strategies to protect...

Read More

Behind the Scenes of the Change Healthcare Ransomware Attack Cyber Gang Dispute

Editor’s Note – The situation with the Change Healthcare cyberattack is changing frequently. The information in this blog is current as of April 16. We will update the blog as needed. April 16, 2024:...

Read More

Law Enforcement Must Keep up the Pressure on Cybergangs

The (apparent) takedown of major ransomware players like Blackcat/ALPHV and LockBit and the threat groups’ (apparent) revival is a prime example of the Whack-a-Mole nature of combating ransomware...

Read More