CISA Funding for Critical Infrastructure Threat Hunting Cancelled

The program’s director at Lawrence Livermore National Laboratory (LLNL) told Congress today that government funding for a program that hunts for threats on America’s critical infrastructure networks expired on Sunday, shutting down all work on the program.

CyberSentry is a public-private partnership, managed by CISA, that looks for malicious activity on IT and operational technology (OT) networks in America’s energy, water, healthcare, and other critical facilities. This includes threats along the lines of China’s Volt Typhoon and Salt Typhoon intrusions — network activity that may look like, or even start as, espionage, but ultimately enables the digital invaders to backdoor critical orgs and deploy cyber weapons to aid in a kinetic war.

Critical infrastructure owners place sensors on their networks and engineers at LLNL evaluate threats in real time.

In a hearing about Stuxnet 15 years later, experts say the problem is only getting worse. Stuxnet, you may remember, is believed to have been a US-Israel partnership to disable Iran’s nuclear enrichment program, and it did deal a very significant blow.

Dragos, a company that focuses on this kind of security, known as OT or operational technology security, says it knows of nine OT-specific malware variants right now.

But on Sunday, one check on China and North Korea went dark because CISA did not renew the contract.

The Livermore team has had some success in the two short years it has been around.

This seems similar to CISA not funding the Common Vulnerability database a few months ago. That got a very short reprieve after CISA’s lack of foresight became public.

We will see what happens at Livermore.

Alternatively, you might want to stock up on batteries and candles.

Credit: The Register
