The Cybersecurity and Infrastructure Security Agency has issued an advisory on the lessons learned from a red team assessment and on countermeasures against the malicious activity the assessment simulated. The exercise was conducted at the request of a critical infrastructure organization, which also coordinated the release of the assessment, CISA said Thursday.
Titled “Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization,” the 36-page advisory reports that the assessed organization lacked sufficient technical controls to prevent and detect malicious activity. The organization relied heavily on host-based endpoint detection and response (EDR) and had insufficient network-layer protections, the exercise showed.
Software Security Challenge
Another lesson from the red team activity was the need for continuous staff training and support resources, both for implementing secure software platforms and for detecting malicious activity.
The CISA advisory also lists mitigations that software manufacturers should adopt to address the cybersecurity risks facing critical infrastructure owners and operators, as demonstrated in the red team exercise.
The measures the agency recommends include adhering to CISA’s Secure by Design principles and building security into the software architecture throughout the product’s development lifecycle.
To reduce exposure to attack, the document also recommends eliminating default passwords and requiring multi-factor authentication for privileged users.