Local experts stressed that current awareness and mitigation measures are still insufficient.
The American Cybersecurity Expert Council (CSAC), which regularly advises the US Cybersecurity and Infrastructure Protection Agency (CISA), proposed at a recent closed-door meeting the idea of creating a National Cybersecurity Alert System.
The Board, led by former National Director of Cybersecurity Chris Inglis, highlighted the urgent need for a system that would provide up-to-date information on current cyber threats.
The system should provide information on the current degree of cyber risk at the national level, possibly using a numerical or color scale. Existing CISA reports and warnings, according to the council, do not provide a complete understanding of changes in threat types or national cyber risk.
Inglis also pointed out in advance the challenges that CISA might face in creating such a system. In particular, the agency "currently lacks the analytical ability and unique data sources to reliably create a national cybersecurity alert system."
The "Shields Up" campaign, also implemented by CISA in early 2022, was cited as an example of the effectiveness of such systems. According to Inglis, this campaign provided organizations with valuable information about cyber threats.
Creating a warning system may be relevant against the backdrop of new cybersecurity laws that require organizations to report significant cyber incidents.
The warning system will differ from the new rules of the Securities and Exchange Commission (SEC), which are aimed at informing investors. While the main goal of the new system will be to strengthen cyber resilience and ensure the reliability of the digital infrastructure.
The Board recommends that CISA work closely with other agencies and organizations to identify the types of information that will be useful in the new alert system.
CSAC also suggested that the system should operate on a layered model, in which certain warnings will not be made public and will be provided only to those organizations, structures and agencies that need it.
Inglis stressed that the term "operational" should be inextricably linked to the idea of warnings, so that the system does not turn into another useless color scale that can be ignored.
In general, CSAS aspirations are understandable, because effective communication about current threats should allow companies and organizations to better understand the vector of possible attacks and respond to cyber incidents in a timely manner. But only time will tell whether CISA will be able to implement such a system.
The American Cybersecurity Expert Council (CSAC), which regularly advises the US Cybersecurity and Infrastructure Protection Agency (CISA), proposed at a recent closed-door meeting the idea of creating a National Cybersecurity Alert System.
The Board, led by former National Director of Cybersecurity Chris Inglis, highlighted the urgent need for a system that would provide up-to-date information on current cyber threats.
The system should provide information on the current degree of cyber risk at the national level, possibly using a numerical or color scale. Existing CISA reports and warnings, according to the council, do not provide a complete understanding of changes in threat types or national cyber risk.
Inglis also pointed out in advance the challenges that CISA might face in creating such a system. In particular, the agency "currently lacks the analytical ability and unique data sources to reliably create a national cybersecurity alert system."
The "Shields Up" campaign, also implemented by CISA in early 2022, was cited as an example of the effectiveness of such systems. According to Inglis, this campaign provided organizations with valuable information about cyber threats.
Creating a warning system may be relevant against the backdrop of new cybersecurity laws that require organizations to report significant cyber incidents.
The warning system will differ from the new rules of the Securities and Exchange Commission (SEC), which are aimed at informing investors. While the main goal of the new system will be to strengthen cyber resilience and ensure the reliability of the digital infrastructure.
The Board recommends that CISA work closely with other agencies and organizations to identify the types of information that will be useful in the new alert system.
CSAC also suggested that the system should operate on a layered model, in which certain warnings will not be made public and will be provided only to those organizations, structures and agencies that need it.
Inglis stressed that the term "operational" should be inextricably linked to the idea of warnings, so that the system does not turn into another useless color scale that can be ignored.
In general, CSAS aspirations are understandable, because effective communication about current threats should allow companies and organizations to better understand the vector of possible attacks and respond to cyber incidents in a timely manner. But only time will tell whether CISA will be able to implement such a system.
