FBI Director On China Hackers Volt Typhoon

Joint Fact Sheet Warns of Volt Typhoon: Actions for Critical Infrastructure Leaders

CISA and FBI’s Joint Fact Sheet to Critical Infrastructure Leaders about Volt Typhoon

On 19 March 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) – along with the National Security Agency (NSA), Federal Bureau of Investigation (FBI) and ‘international partners’ – released a joint fact sheet titled ‘The People’s Republic of China (PRC) State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders’.

The fact sheet, written for the executive leadership of critical infrastructure organizations, warned of the imminent threat of a ‘PRC-sponsored advanced persistent threat’ named ‘Volt Typhoon,’ who ‘is or will likely seek to position themselves on IT systems within LOTL [living off the land] techniques to prepare for disruptive or destructive cyber activity against US critical infrastructure in the event of a future crisis or conflict with the US.’

The fact sheet details specific steps that can be taken to safeguard organizations against this threat activity. CISA and its partners invite the leaders of critical infrastructure organizations to review the guidance highlighted in the joint fact sheet to mitigate this threat, and to consult the additional resources on Volt Typhoon activity.

Actions for Critical Infrastructure Leaders

The following are some of the actions that CISA and the FBI recommend in the fact sheet to help critical infrastructure leaders protect their organizations from Volt Typhoon cyber attacks:

Make Informed and Proactive Resourcing Decisions

Help your cybersecurity teams make the best resource-allocation decisions to detect and defend against Volt Typhoon and other cyber intrusions. Strategic investment should be prioritized, and intelligence should be used to fill specific gaps and detect cyber attacks. In addition, effective detection and hardening best practices should be used, and the cybersecurity teams should provide adequate cybersecurity training. Develop information security plans to respond to such incidents effectively, and perform regular tabletop exercises.

Secure Your Supply Chain

Make sure that good risk management policies are in place to reduce risk to the lowest level possible in the event of a compromise. This can involve having good vendor risk management procedures in place to control risk related to third parties, and ensuring that the team with procurement responsibility follows sound practices.

Drive a Cybersecurity Culture

Encourage liaison among IT, OT, cloud, cybersecurity, supply chain, and business units to ensure that the internal teams collaborate to reflect the organization’s cyber goals. Initiate and conduct in-house and external cybersecurity risk assessments and audits to identify gaps, contract external cybersecurity experts and consultants to conduct independent assessments, and maintain a greater awareness of the tactics used in social engineering.

Cyber attacks on global organizations are increasing, and organizations need to take necessary measures and stay vigilant to thwart such attacks.

