[HN Gopher] CISA Releases Its Cybersecurity Strategic Plan
___________________________________________________________________
CISA Releases Its Cybersecurity Strategic Plan

Author : freedude
Score  : 19 points
Date   : 2023-08-07 20:48 UTC (2 hours ago)

(HTM) web link (www.cisa.gov)
(TXT) w3m dump (www.cisa.gov)

| Animats wrote:
| It's disappointing, and too broad. A more useful plan might have
| things like this:
|
| * Identify risks that can kill people. Strongly isolate systems
| where risk exists. Assume a hostile capability at the Stuxnet
| level.
|
| * Beef up black start capability for energy grids, so that in the
| event of a major failure, power is 90% back up in an hour. Test
| this annually.
|
| * Stock up on long lead time items, especially HV grid
| transformers.
|
| * Systems which handle other people's money must have continuous
| backups to write-once media and be able to 99% recover from a
| total loss of online data within 24 hours.
|
| * Telecommunications systems must be capable of a cold restart
| from a known good state for 90% of users within one hour, 99%
| within 24 hours.
| icegreentea2 wrote:
| I don't think CISA has anything close to the powers required to
| compel that level of top down action. This strategic plan has
| clearly been crafted to be at least somewhat attainable given
| their current remit and capabilities.
| toomuchtodo wrote:
| Indeed. They're a security awareness arm of DHS. Frameworks,
| photo ops, pdf flyers. No teeth.
| freedude wrote:
| Link to Actual Plan [.pdf]
|
| https://www.cisa.gov/sites/default/files/2023-08/FY2024-2026...
___________________________________________________________________
(page generated 2023-08-07 23:00 UTC)