A Year of Vigilance and Innovation, Triumphs of CISA in 2023
In its fifth year on the cybersecurity frontier since its establishment in 2018, the Cybersecurity and Infrastructure Security Agency (CISA) reflects on the past year, delving into its pivotal role in safeguarding the digital landscape with a review of 2023.
Looking ahead to 2024, CISA forewarns of an evolving threat landscape. The agency underscores the persistent challenges posed by advanced threat actors such as China, which continue to target critical infrastructures. Additionally, the rapid advancement of artificial intelligence looms on the horizon, presenting opportunities for both defenders and malicious actors.
Central to CISA’s strategy is the concept of ‘partnership,’ emphasizing the collaborative foundation that underpins their efforts. In this review, CISA not only highlights the achievements of 2023 within the cyber realm but also candidly presents the unembellished facts of their endeavors. Through this, CISA aims to inspire a more cohesive and cooperative approach while navigating the landscape of cybersecurity.
CISA’s 2023 Cybersecurity Odyssey
In alignment with its mandate as the operational lead for federal cybersecurity, CISA achieved significant milestones in 2023, underscoring its commitment to fortifying digital defenses. Here are the highlights of what CISA did in 2023:
Mitigated 14 Million Known Exploited Vulnerabilities:
- Identified and addressed more than 14 million vulnerabilities across federal government networks.
- Accelerated non-federal partner mitigation timelines by 36 days compared to the previous year.
In lockstep with CISA’s proactive stance on cybersecurity, which continuously highlights significant vulnerability threats through alerts and offers guidance via its Known Exploited Vulnerabilities (KEV) Catalog, SOCRadar XTI platform actively monitors the growing vulnerability landscape. Aligning with CISA’s objectives, our platform provides in-depth details on vulnerabilities and exploits, ensuring you stay well-informed about potential risks.
Expanded Protective Domain Name System (PDNS) Service:
- Onboarded 97 agencies onto the PDNS service, blocking 900 million malicious connections.
- Extended PDNS capabilities to critical infrastructure organizations, with over 20 organizations onboard and nearly 100 in the deployment process.
Strengthened Vulnerability Disclosure Policy:
- Onboarded 46 agencies onto the Vulnerability Disclosure Policy Platform.
- Successfully identified and remediated 1,054 confirmed vulnerabilities before exploitation.
Contributed Open Source Tools:
- Released new open-source tools, including Secure Cloud Business Applications tools for Microsoft and Google services.
Issued Binding Operational Directives:
- Issued BOD 23-01 and BOD 23-02, enhancing asset visibility across federal agencies and the remediation of exposed Network Management Interfaces.
Advanced Endpoint Protections Deployment:
- Deployed advanced endpoint protections to nearly 50 federal agencies, covering over 900,000 devices.
Effective Incident Response:
- Led responses to significant incidents, including the compromise of Microsoft Exchange Online, resulting in systemic changes to enhance cloud security.
In addition, CISA prioritized engagement and cybersecurity efforts in “target-rich” sectors like water and wastewater, K-12 education, and healthcare. Recognizing the challenges these sectors face, CISA conducted nearly 6,700 stakeholder engagements with both government and private sector participants in 2023.
For a comprehensive understanding of the threats facing education and healthcare sectors, SOCRadar’s Education and Healthcare Threat Landscape Reports can provide vital intelligence to guide organizations in safeguarding their systems.
For concise, insightful reports on the current threats faced by various industries, visit SOCRadar Labs’ Industry Threat Landscape Report page.
CISA’s Many Recourses to Combat Cyber Threats
CISA’s unwavering commitment to fortifying the digital landscape is exemplified through proactive initiatives aimed at mitigating ransomware threats and promoting a “Secure by Design” ethos.
In its Pre-Ransomware Notification Initiative, CISA notified thousands of organizations about potential intrusions and vulnerabilities. This early warning system has allowed entities to take preventive measures, averting millions of dollars in potential impacts and safeguarding public health and safety.
Another key facet of CISA’s strategy is the Ransomware Vulnerability Warning Pilot (RVWP), which conducted over 1,700 notifications to organizations, including hospitals, water utilities, K-12 school districts, and election jurisdictions.
In a previous blog post, we highlighted the various resources that CISA has launched to help counteract ransomware threats, including the RVWP.
Furthermore, CISA, in collaboration with US and international partners, published an updated version of its Secure by Design paper in October 2023. In November 2023, CISA took this initiative a step further with the release of the “Secure by Design Alerts” series, highlighting instances where vulnerabilities or intrusion campaigns could have been prevented through vendors adopting secure design principles.
Forging Cybersecurity Fortitude through Collaboration
CISA, steadfast in its commitment to collaboration and partnership, made significant strides in fortifying national cybersecurity in 2023. With over 240 Cybersecurity Performance Goals (CPGs) assessments across its 10 regions, CISA provided clear and concise cybersecurity recommendations for organizations of all sizes and sectors.
The Joint Cyber Defense Collaborative (JCDC), under CISA’s leadership, orchestrated a focused effort in 2023 to secure open-source software in Operational Technology and Industrial Control Systems. The Open Source Software Security Roadmap, which outlines a strategic path forward marked by transparency, collaboration, and innovation in the cybersecurity landscape, was released in September 2023. Also, CISA’s Joint Cybersecurity Advisories, involving JCDC partners, delivered 48 trusted advisories in 2023. Co-sealed products with countries like South Korea, Germany, Israel, France, and Japan ensured broad cybersecurity information dissemination.
Moreover, leading the national charge to secure critical infrastructure, CISA collaborated extensively with the critical infrastructure community. In August 2023, CISA initiated a broad campaign promoting resilience across critical infrastructure. A linchpin of this initiative was the November launch of Shields Ready – an encouragement for the critical infrastructure community to prioritize and fortify their resilience efforts.
In adherence to CIRCIA (the Cyber Incident Reporting for Critical Infrastructure Act), CISA received 782 notifications, swiftly deploying resources and sharing critical information with network defenders. These resources encompass #StopRansomware advisories, intelligence on specific threat actors, and more. This partnership-driven approach aids in assisting impacted entities, analyzing trends, and warning potential victims.
You can search for and access such comprehensive information about malicious actors also by using SOCRadar XTI’s Threat Actor/Malware page. The platform features an extensive knowledge base on identified threat actors and malware, delivering insights into their recent activities, associated campaigns, and Indicators of Compromise (IOCs).
CISA’s AI Roadmap
As artificial intelligence (AI) continues to permeate the cybersecurity domain, both as a tool for defense and a weapon for threat actors, its prevalence has become increasingly pronounced. In this context, CISA’s proactive initiatives in AI are crucial for steering the trajectory of AI’s role in enhancing cybersecurity and mitigating potential threats.
On November 14, 2023, CISA marked another significant milestone by publishing its Roadmap for Artificial Intelligence, followed by the release of Guidelines for Secure AI System Development (in collaboration with the UK’s National Cyber Security Centre). This comprehensive plan aligns with the national strategy, aiming to harness the positive potential of AI to bolster cybersecurity capabilities. The roadmap also emphasizes the need to safeguard AI systems from cyber threats and deter malicious actors from exploiting AI capabilities to target critical infrastructure.
Conclusion
In a year of vigilance and innovation, CISA’s 2023 cybersecurity journey shines vibrantly. Their achievements have been monumental, from addressing 14 million known vulnerabilities to fortifying critical infrastructures. As we commemorate these accomplishments, it is important to remember that cybersecurity is a collaborative effort. Collaboration is essential for the security of the digital realm. CISA takes the lead and guides us into 2024.
This blog post summarizes CISA’s 2023 milestones, which set the path for a resilient future. As we navigate the threat-filled landscape, SOCRadar XTI stands by, offering advanced CTI solutions for a strong security posture.