‘Governments should adopt comprehensive cybersecurity’

The SolarWinds hack of the software supply chain, as well as the recent ransomware attack against Colonial Pipeline, the critical energy infrastructure company, has elevated the importance of governments adopting a risk-based approach to cybersecurity.
Not long after disclosing the SolarWinds attack, the United States Cybersecurity and Infrastructure Security Agency (CISA) announced its Systemic Cyber Risk Reduction Venture. This is an effort to develop actionable metrics and quantify cybersecurity risk across the US’s critical infrastructure sectors, focusing on the relationship between threat, vulnerability, and consequence.
Shortly after this, the UK’s National Cyber Security Centre (NCSC) provided advice and guidance to security teams and IT companies on what actions they should take to minimize the impact on them and their customers. Using tools such as the Cyber Information Sharing Programme (CiSP), they shared technical information on assessing whether an organization was at risk and what actions it should take if it was. The industry and government initiative allowed UK organizations to share cyber threat information in a secure and confidential environment, giving them the ability to receive early warning of cyber threats and to access free network monitoring reports tailored to their requirements.