iscover
The US agency has published new guidance for critical infrastructure organisations threatened by foreign influence campaigns.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new guide — Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure.
The guide is designed to provide critical infrastructure owners and operators with insights on how to identify and mitigate the risks of influence operations leveraging mis-, dis-, and mal-information (MDM) narratives.
“Recently observed foreign influence operations abroad demonstrate that foreign governments and actors can quickly employ sophisticated influence techniques to target American audiences with the goal of disrupting US critical infrastructure and undermining US interests,” CISA noted in a statement.
“This CISA Insight is intended to raise awareness amongst critical infrastructure owners and operators on the risks of such influence operations.”
The new guide outlines a number of steps organisations can take to bolster resilience to MDM, including ensuring swift co-ordination in information sharing and communicating accurate and trusted information.
Other recommendations outlined by CISA include:
- designating an individual to oversee the MDM incident response process and associated crisis communications;
- establishing roles and responsibilities for MDM response, including responding to media inquiries, issuing public statements, communicating with staff, and engaging the stakeholder network;
- ensuring communication systems are set up to handle incoming questions — ensuring phones, social media accounts, and centralised inboxes are monitored by multiple people on a rotating schedule to avoid burnout;
- Identifying and training staff on reporting procedures to social media companies, government, and/or law enforcement;
- Considering internal co-ordination channels and processes for identifying incidents, delineating information sharing and response.
CISA director Jen Easterly noted the importance of shoring up cyber defences amid the deteriorating global geopolitical environment, making particular reference to ongoing tensions in eastern Europe.
“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” Easterly said.
“We encourage leaders at every organisation to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”
