National Security Council Director of Critical Infrastructure Cybersecurity Jonathan Murphy told attendees at CyberTalks in Washington, DC, on Nov. 16 that the anticipated rewrite of Presidential Policy Directive 21 (PPD-21) will emphasize CISA’s role in coordinating infrastructure security.
“We’re looking across all of those 16 infrastructure sectors to identify where levers exist to enable the federal government to have positive, reliable outcomes, set down cybersecurity requirements for those critical infrastructure sectors,” Murphy added.
Haphazard cybersecurity across the nation’s infrastructure has been highlighted in alarming fashion over the past few years by high-profile incidents ranging from the Colonial Pipeline hack to more recent reports of mass infiltration of networks by Russia- and China-backed hackers. The administration’s NCS implementation plan, released this year, outlines more than 65 “high impact” initiatives, ranging from increased sharing of threat intelligence to encouraging mass adoption of secure-by-design principles in software and hardware.
There are 22 energy organizations in Denmark that were successfully compromised in a coordinated cyber-attack in 2023 using a CISA Known Exploited Vulnerability (CISA KEV).
Watch out for those CISA KEV "Cyber-icebergs" they can ruin your day.