Cybersecurity in the US is facing a perfect storm of challenges.
Nation-state cyberattacks continue to escalate. CISA is operating at 35% of its normal capacity. The Cybersecurity Information Sharing Act of 2015 (CISA 2015) just expired – and with the government shut down, we can’t know when it will be updated.
But all is not lost. Here’s what you can do to weather the storm.
CISOs Currently Lack Federal Support
The fewer resources CISA has at its disposal, the more limited its ability to provide guidance and support to businesses and CISOs. Modern cyber defense operates on a 'see one, tell many' principle. When a power company in Texas detects an attack, for example, CISA typically alerts energy operators nationwide within hours. Right now, CISA can't do that as effectively.
The lapse of CISA 2015 presents a similar challenge. The law provided liability protection for companies sharing cyber threat data. Now that it's expired, organizations would be understandably reluctant to share that information, further weakening the US’s cybersecurity ecosystem.
Nation-state cybercriminals read shutdown announcements just like we do. They know CISA's workforce has been gutted. They know the information-sharing law has lapsed. This is a rare window of opportunity for them, and they are unlikely to pass it up.
CISOs must now operate under the assumption that federal support is unavailable. That CISA threat bulletin you normally receive within hours of a new vulnerability? It might take days or not come at all. The coordinated response to a sophisticated attack? You're coordinating it yourself now. MSPs protecting critical infrastructure clients need to understand they've become the front line by default.
Combatting AI-Driven Misinformation
Before we go on, it’s worth mentioning that this kind of situation is fertile ground for AI-driven misinformation. Bad actors could deliberately create a network of false websites and online content, designed to spread inaccurate information about vulnerabilities and threats.
Considering AI tools crawl and aggregate that content, it’s not inconceivable that organizations could end up relying on deliberately false or misleading information. Misinformation campaigns such as these could have devastating consequences, lulling organizations into a false sense of security and lowering their defenses at the worst possible time.
This is what makes trusted, curated sources of information and guidance so important. Industry groups, standards bodies, and vendors can play this role, but only if they maintain a commitment to transparency and credibility.
Leveraging Industry Partnerships and Communities
Fortunately, CISOs don’t have to go it alone. Industry communities and consortiums can – and must – step up to fill the void left by reduced government resources.
Groups like the SANS Internet Storm Center (ISC), the Center for Internet Security (CIS), and sector-specific forums like the Financial Services Information Sharing and Analysis Center (FS-ISAC) provide alternative sources of threat intelligence, best practices, and guidance. CISOs must tap into these peer networks to crowdsource solutions and learn from the experiences of others.
Empowering Internal Security Teams
Although external help is valuable, it’s easy to forget the internal resources we have at our disposal. As a CISO, you have a wealth of security personnel in your team. With federal support lacking, there’s never been a better time to tap into their insights and experiences.
By encouraging knowledge sharing and creative problem-solving within your organization, you can leverage your team’s insight and expertise to stay informed and responsive, even when external resources are scarce.
Relying on Cybersecurity Vendors
Cybersecurity vendors also play a crucial role here. Now more than ever, vendors need to step into their role as trusted partners, not just service providers – and CISOs need to lean on them more. Rather than just selling products, vendors must leverage their deep visibility into threats to inform and advise their customers. However, transparency is key: vendors must be upfront about their capabilities and limitations.
In times of uncertainty, misinformation can thrive. It can seem like you’re searching in the dark without a flashlight, with no reputable source to turn to. However, there are options for users to navigate, and there is no reason to be lost. With strategic, proactive policies that are centered on making your own decisions – specifically when support may not be available – the options and potential solutions you need in a time of crisis will be at hand.