Yesterday, the U.S. Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency (CISA) kicked off its 3rd Annual National Cybersecurity Summit 2020 with Day One: Key Cyber Insights. CISA Director, Christopher Krebs (mullet and all) delivered the keynote. Day One examined a broad range of ‘Key Cyber Insights’ focusing on what CISA and their partners have seen occur, what they predict for the near future, and how we can all prepare. Among the compelling and informative presentations, three stood out as being the most relevant for WaterISAC members:
- Operationalizing ATT&CK Through CISA Alerts highlighted how CISA’s deployment teams leverage MITRE ATT&CK® during many of their engagements such as assessments and adversary hunting. The presentation provides a great overview for organizations looking to enhance cyber operations and/or prioritize risk management activities.
- Cybersecurity Maturity – Snapshot of 2019 was presented by our partners at MS-ISAC and provided an enlightening overview of the results from the 2019 Nationwide Cybersecurity Review (NCSR). The NCSR is a no-cost self-assessment that allows State, Local, Tribal, and Territorial (SLTT) Government entities to measure their cybersecurity maturity against the NIST Cybersecurity Framework (CSF). Whether your organization participated in the NCSR or not, the results can be used to prioritize actions and for roadmap planning to improve cybersecurity posture. SLTT members are encouraged to avail themselves to this review, along with other MS-ISAC tools.
- Cybersecurity Best Practices for Industrial Control Systems covered top cybersecurity considerations, including threat impacts and defense recommendations for ICS organizations based on CISA assessments. The presentation was based on the report of the same name that was previously covered in the Security & Resilience Update for May 26, 2020. Additionally, a comprehensive overview was provided on the many tools, resources, and services available for critical infrastructure partners from CISA and the Department of Energy.
Members who were not able to attend the sessions are encouraged to review the recordings and presentation materials for more insights on securing our nation. Access all presentations and resources for Day One at CISA.