New Cybersecurity Performance Goals published

The United States is attempting to make it simpler for businesses and organizations to strengthen their cybersecurity in the face of an increase in cyberattacks intended to impair their operations, steal their data, and or extort ransom payments.

The new Cybersecurity Performance Goals were unveiled on October 27th by representatives from the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA), who described them as vital but optional tools that will aid businesses and organizations in making better decisions. U.S. officials have been urging the public to "Shields Up" for months due to an increasingly deadly and complicated threat environment in cyberspace, which was sparked in part by Russia's invasion of Ukraine earlier this year.

Additionally, they have brought attention to cyberattacks carried out by Iran and North Korea and have issued a warning that both state-sponsored and non-state actors are increasingly scanning for and aiming their attacks at important U.S. infrastructure, including airports, water, and electric companies, and businesses that provide services to the public. These strikes follow a string of denial-of-service attacks that occurred earlier in October.

Moreover, private cybersecurity firms have foreshadowed an increase in attacks against institutions of higher learning as well as healthcare providers. Although some larger U.S. businesses and organizations have been able to allocate time, money, and other resources to address the escalating concerns, U.S. officials are worried that others have not.

Small and medium-sized businesses, hospitals, and school systems are among the institutions that CISA is particularly concerned about because they are frequently referred to by officials as target-rich but resource-poor because they lack the funding and resources necessary to protect their systems and data from hackers. According to officials, the new rules, which include checklists and focus on important topics like account security, training, incident reporting, response, and recovery, are intended to lessen the workload. The officials added that they expect the goals to evolve and alter as the danger does.

The newly unveiled goals "were developed to represent a minimum baseline of cyber security measures that if implemented, will reduce not only risk to critical infrastructure but also national security, economic security, and public health and safety," said CISA Director Jen Easterly, calling them a "quick start guide." Many of the new objectives, particularly those affecting how state and local officials oversee U.S. elections, are already receiving help, according to CISA.

"We've been working with them to implement several of these best practices, as well as ensuring that they have the tools and resources and the capabilities to ensure the security and resilience of election infrastructure," Easterly told reporters Thursday. "I've met with election officials even just over the past few days … and they all expressed confidence in particular in the cybersecurity across all of their systems."

Furthermore, CISA announced on Thursday that $1 billion in funding will be made available over the following four years to American states and territories that require additional assistance. The grants were initially announced last month and are intended to assist safeguard vital infrastructure in the United State