The US government has unveiled “Shields Ready,” an initiative aimed at fortifying critical infrastructure sectors against potential disasters, physical assaults, and cyberattacks, stressing the imperative of robust recovery capabilities in the face of disruptions. Collaboratively led by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA), the initiative urges readiness and preparedness across 16 vital sectors, acknowledging the inevitability of incidents and emphasizing continued service delivery.
Jen Easterly, CISA Director, highlighted the interdependency of these sectors and underscored the need for preparedness, extending from schools and hospitals to water facilities, ensuring their resilience to respond and recover from disruptions. The evolving threat landscape, encompassing severe disasters like wildfires and the COVID-19 pandemic, alongside cyber incidents, underscores the urgency for robust defense strategies within critical infrastructure.
The Shields Ready initiative represents a shift from the “Shields Up” campaign, focusing on comprehensive preparedness rather than reactive measures against specific threat intelligence. Michael Hamilton of Critical Insight stressed the imminent nature of threats, hinting at heightened risks evident in global warnings to industrial control and critical infrastructure providers.
While Shields Ready offers a toolkit and guidelines for critical infrastructure providers, the voluntary and informational nature of these recommendations poses challenges, noted Tom Guarente of Armis. He highlighted the campaign’s emphasis on situational awareness and information sharing but pointed out the absence of regulatory impetus, expressing uncertainty about its practical outcomes.
Danielle Jablanski from Nozomi Networks highlighted the complexity of tailoring guidelines for each critical infrastructure sector, noting the unique security challenges and variations in risk management across sectors. Recognizing the diverse nature of critical infrastructure, she emphasized the need for sector-specific strategies rather than a one-size-fits-all approach.
Amidst efforts to onboard industry leaders, there’s recognition that security expenditures are often viewed as business costs. Michael Hamilton stressed the potential necessity of punitive actions to drive implementation of recommendations, emphasizing the impact of holding executives accountable for their companies’ performance during crises or cyber incidents. He highlighted executive negligence as a focal point likely to galvanize industry attention and action, reminiscent of recent instances such as the SolarWinds incident.
