[HN Gopher] CISA Releases Its Cybersecurity Strategic Plan
___________________________________________________________________
CISA Releases Its Cybersecurity Strategic Plan
Author : freedude
Score : 19 points
Date : 2023-08-07 20:48 UTC (2 hours ago)
(HTM) web link (www.cisa.gov)
| Animats wrote:
| It's disappointing, and too broad. A more useful plan might have
| things like this:
|
| * Identify risks that can kill people. Strongly isolate systems
| where risk exists. Assume a hostile capability at the Stuxnet
| level.
|
| * Beef up black start capability for energy grids, so that in the
| event of a major failure, power is 90% back up in an hour. Test
| this annually.
|
| * Stock up on long lead time items, especially HV grid
| transformers.
|
| * Systems which handle other people's money must have continuous
| backups to write-once media and be able to 99% recover from a
| total loss of online data within 24 hours.
|
| * Telecommunications systems must be capable of a cold restart
| from a known good state for 90% of users within one hour, 99%
| within 24 hours.
| icegreentea2 wrote:
| I don't think CISA has anything close to the powers required to
| compel that level of top down action. This strategic plan has
| clearly been crafted to be at least somewhat attainable given
| their current remit and capabilities.
| toomuchtodo wrote:
| Indeed. They're a security awareness arm of DHS. Frameworks,
| photo ops, PDF flyers. No teeth.
| freedude wrote:
| Link to Actual Plan [.pdf]
|
| https://www.cisa.gov/sites/default/files/2023-08/FY2024-2026...
___________________________________________________________________
(page generated 2023-08-07 23:00 UTC)