Activating Cyber Defense Around CISA’s Cross-Sector Cybersecurity Performance Goals

Nation-state threat actors continue to pursue critical infrastructure technologies. Last year Mandiant reported findings of custom-made tools that enable attackers to scan for, compromise and control certain industrial control systems (ICS) or supervisory control and data acquisition (SCADA) devices once they have established access in an operational technology (OT) network . As industrial and critical infrastructures become increasingly network-connected, this heightened threat sophistication enhances the need for updated cybersecurity guidance for critical infrastructure. The Cybersecurity and Infrastructure Agency (CISA), National Institutes of Standards and Technology (NIST) and the interagency community developed cybersecurity goals consistent across all critical infrastructure sectors.