The US cyber security authority CISA has launched a program in which it scans critical infrastructures for vulnerabilities that are vulnerable to ransomware attacks. At the end of January, the IT security experts launched the Ransomware Vulnerability Warning Pilot (RVWP) program.
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed by US President Biden in March 2022, obliges CISA to set up the RVWP. The basic idea behind this is that many cyber attacks are based on known vulnerabilities, which the perpetrators then use to break into networks, for example.
Problem: updates not installed
Businesses and organizations can reduce the attack surface by installing readily available updates to patch known security vulnerabilities. This drastically reduces the likelihood of becoming a victim of ransomware. However, most institutions appear to be unaware that a vulnerability that ransomware backers exploit exists in their network, CISA said in its RVWP program announcement.
“CISA leverages existing authorities and technology to identify IT systems that exhibit vulnerabilities that often arise in the context of ransomware attacks. Once CISA identifies affected systems, our regional cyber security staff notifies system owners of the security gaps found and thus enable damage to be averted at an early stage before harmful break-ins occur,” explains CISA the procedure that has now been implemented.
It’s not just the United States that has instructed its top IT security authority to take preventive protective measures for networks and critical infrastructures. At the end of last year, the United Kingdom’s cyber security authority also started nationwide scanning of networks for vulnerabilities.
(dmk)
To home page
