Why CISA is extending cyber support to ‘resource poor’ organizations


The US Cybersecurity & Infrastructure Security Agency (CISA) has launched a pilot program to provide cyber security services to non-federal critical infrastructure organizations.

The agency is leveraging new capabilities granted by the US Congress to extend protections usually restricted to federal civilian government departments across private and public sector entities that are “most in need of support”.

In a statement announcing the program’s launch, CISA pointed to the increased volume and impact of attacks against the country’s critical infrastructure sectors.


Since 2022, this service has successfully blocked around 700 million connection attempts from federal agencies to malicious domains, according to CISA, while also mitigating the risks from attack methods such as ransomware and phishing.

CISA’s Protective DNS service is highly scalable and resource efficient, which the agency said is an important factor for participating bodies it describes as “target high, resource poor”, a reference to the disparity between the volume of attacks these organizations receive and their capacity to protect against them.

The critical infrastructure entities expected to participate in the program will include organizations spanning the healthcare, water, and K-12 education sectors, with CISA planning on extending its services to up to 100 organizations in 2023.

Congress’ decision to give CISA the authority to begin deployments in non-federal entities underlines a growing concern around the nature and quantity of cyber attacks being observed, as well as concerns over how well institutions can deal with emerging threats.

State-aligned actors are wreaking havoc

In its blog, CISA raised the physical impact of attacks on critical infrastructure and the groups that carry out such attacks, recalling the ransomware attack on the corporate network of Colonial Pipeline that wrought havoc for weeks in 2021.

Another, more recent attack of this nature came from the threat actor Volt Typhoon, which targeted organizations spanning the communications, manufacturing, utility, transportation, construction, government, and education sectors.

This group is thought to be a state-sponsored threat actor based in China, and its modus operandi focuses on espionage and information gathering. 

Ken Dunham, director of cyber threat at Qualys, told ITPro that the rising threats posed by sophisticated, state-aligned groups are a serious cause for concern.

“The global threatscape is getting increasingly complicated with more interdependencies and shared responsibilities of nested infrastructure of legacy, cloud and mobile,” he said.

“Furthermore, nation-state threats have more visibility than ever before, with recent notable breaches like that of SolarWinds, designed to affect the supply chain and downstream targets.”

Trying to distinguish between financially motivated threat actors and ideologically motivated ones is difficult, according to Dunham.



“Many nation-state means and motives are financially motivated, further complicating tools, tactics, and procedures (TTPs), making it difficult to differentiate some attack vectors and attribution,” he explained.

“These groups have much to gain from intellectual property to cyber influence and power, to large-scale financial theft and are capable of funding and weaponizing such efforts to notable levels, as seen in recent events.”

Threats against government organizations and critical infrastructure have prompted governments around the world to heighten their preparedness for what many believe to be an eventuality: a disastrous attack which knocks critical services offline.

In its Annual Review, the UK’s National Cyber Security Centre (NCSC) warned of the ‘enduring and significant’ threat to the country’s critical infrastructure, in part due to increased activity from state-aligned groups.

The NCSC claims it has observed an increase in ideologically motivated threat actors, “a new class of cyber adversary”, citing details of the Snake malware that is a common feature in espionage operations attributed to Russia’s Federal Security Services (FSB).

Earlier in 2023, the UK government released a study warning that a successful attack against critical national infrastructure could have the same devastating impact as a biological or chemical warfare attack.

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.