The Cybersecurity and Infrastructure Security Agency (CISA) is looking to add a “select number” of critical infrastructure (CI) partnerships with industry to its CyberSentry program, CISA Associate Director for Threat Hunting Jermaine Roebuck wrote in a June 29 blog post.
CyberSentry is a CISA-managed threat detection and monitoring capability, governed by an agreement between CISA and voluntarily participating CI partners. CISA is looking to partner with additional CI organizations who operate systems supporting national critical functions.
“Facing such a challenging threat environment, we must focus our efforts on a two-pronged strategy of defense – on driving adoption of strong cybersecurity measures, and on ensuring effective visibility into cyber threats targeting our nation’s critical infrastructure,” Roebuck wrote in the blog. “The second line of effort, in particular, is what I want to talk about today.”
“Right now, we are able to achieve a portion of this visibility by partnering with critical infrastructure organizations and cybersecurity companies, forging and maintaining crucial relationships with our partners for the betterment of our nation,” Roebuck continued, adding, “But for some of the nation’s most critical entities, we need to do more. And that leads us to CyberSentry.”
Through unique partnerships with industry, CISA is able to supply commercial detection capabilities that enable the operational use of sensitive information prior to broader dissemination to the cybersecurity community; allow CISA’s analysts to correlate threat activity targeting multiple CI entities and understand evolving campaigns; and provide participating entities with access to their own CyberSentry dashboard, enabling integration into the partner’s cyber operations.
CyberSentry monitors for both known and unknown malicious activity affecting information technology and operational technology networks by leveraging “trusted partnerships between CISA and each participating organization for mutual benefit and the benefit of critical infrastructure entities nationwide.”
The CISA official wrote that CyberSentry’s recent successes include examples like the SolarWinds response and the Colonial Pipeline disruption.
“CISA is looking to partner with a select number of additional Critical Infrastructure organizations who operate systems supporting National Critical Functions – functions so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on our Nation,” Roebuck wrote.
“As malicious cyber activity continues to evolve, and nation state actors continue to aggressively target National Critical Functions, CyberSentry’s capabilities and critical partnerships directly enhance CISA’s goal of a stronger collective defense for our Nation,” he concluded.
