Skip to content

Illustration by Security Management

CISA Announces Global Strategy To Address Critical Infrastructure Threats

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its first international strategy on Thursday in a commitment to work with international partners to address risks and threats to critical infrastructure.

“There are no borders to the cyber risks we face, and now—more than ever—we must work together,” said CISA Acting Director Brandon Wales. “CISA Global describes how we will engage with international partners to build CISA’s capacity and strengthen our ability to defend against cyber incidents, enhance the security and resilience of critical infrastructure, identify and address the most significant risks to critical functions, and provide seamless and secure emergency communications.”

Wales unveiled the strategy at an event hosted by the Busines Council for International Understanding (BCIU). In his remarks, he detailed the four goals of the strategy for the agency that is part of the U.S. Department of Homeland Security (DHS): advancing international cooperation, building partner capacity, strengthening collaboration through stakeholder engagement and outreach, and shaping the global policy ecosystem.

“Promoting robust international collaboration is instrumental to accomplishing the department’s cybersecurity objectives as threats in cyberspace are not constrained by borders,” Wales wrote in the strategy’s opening message. “Similarly, U.S. critical infrastructure is increasingly interconnected and dependent on global infrastructure, supply chain, and systems whose cybersecurity practices and maturity can vary widely.”

The release of CISA’s international strategy comes during a month when components of U.S. critical infrastructure have been pushed to the forefront of the nation’s attention during the COVID-19 pandemic.

In early February, a hacker gained access to a Florida city’s water treatment plant and was able to click through controls to attempt to change the water supply’s sodium hydroxide levels. An operator spotted the activity and was able to take immediate action, returning the sodium hydroxide to its normal level, according to WIRED, which spoke with Pinellas County Sheriff Bob Gualtieri.

“In a follow-up call with WIRED, Gualtieri said that the hacker appears to have compromised the water treatment plant’s TeamViewer software to gain remote access to the target computer, and that network logs confirm the operator’s mouse takeover story,” WIRED reported. “But the sheriff had little else to share about how the hacker accessed TeamViewer or gained initial access to the plant’s IT network. He also provided no details as to how the intruder broke into the so-called operational technology network that controls physical equipment in industrial control systems and is typically segregated from the Internet-connected IT network.”

In mid-February and into this week, Texas’ critical infrastructure took center stage as the U.S. state’s electric grid failed to function during an unprecedented winter storm. Millions of Texans were without power as equipment froze and the Electric Reliability Council of Texas (ERCOT) shut off power in response to warning signs that energy supplies were dropping off the grid, according to The Texas Tribune.

“As natural gas fired plants, utility scale wind power, and coal plants tripped offline due to the extreme cold brought by the winter storm, the amount of power supplied to the grid to be distributed across the state fell rapidly,” the Tribune reported. “At the same time, demand was increasing as consumers and businesses turned up the heat and stayed inside to avoid the weather.”

ERCOT officials said they made the decision to cut power to avoid a catastrophic failure of the system that would have resulted in months-long outages.

“It needed to be addressed immediately,” said Bill Magness, president of ERCOT. “It was seconds and minutes [from possible failure] given the amount of generation that was coming off the system.”

Part of the reason that the ERCOT-run system was in this situation was because of decisions made years previously by authorities to create an electric grid that was not connected to other U.S. states or Mexico.

“Energy and policy experts said Texas’ decision not to require equipment upgrades to better withstand extreme winter temperatures, and choice to operate mostly isolated form other grids in the United States left the power system unprepared for the winter crisis,” according to the Tribune. “Policy observers blamed the power system failure on the legislators and state agencies who they say did not properly heed the warnings of previous storms or account for more extreme weather events warned of by climate scientists.”