CISA Launches Ransomware Warning Pilot for Critical Infrastructure

The new pilot program will enable “timely risk reduction” by alerting critical infrastructure owners and operators of vulnerabilities within their systems that are susceptible to ransomware attacks.

The Cybersecurity and Infrastructure Security Agency publicly announced on Monday that it has established a pilot program to identify vulnerabilities within critical infrastructure systems that are known to be exploited by ransomware groups and threat actors. 

According to CISA, the ransomware vulnerability warning pilot—or RVWP—will “identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors by using existing services, data sources, technologies and authorities, including our free Cyber Hygiene Vulnerability Scanning service.”

The RVWP first began on Jan. 30, when CISA contacted 93 organizations “identified as running instances of Microsoft Exchange Service with a vulnerability called ‘ProxyNotShell,’ which has been widely exploited by ransomware actors.”

“This initial round of notifications demonstrated the effectiveness of this model in enabling timely risk reduction as we further scale the RVWP to additional vulnerabilities and organizations,” CISA said. 

The pilot program was created in response to the Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA, a 2022 law that required CISA “to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments” to the agency. CISA said the RVWP would be “coordinated by and aligned with the Joint Ransomware Task Force,” an interagency body that was also established by CIRCIA. 

“Ransomware attacks continue to cause untenable levels of harm to organizations across the country, including target rich, resource poor entities like many school districts and hospitals,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, said in a statement. “The RVWP will allow CISA to provide timely and actionable information that will directly reduce the prevalence of damaging ransomware incidents affecting American organizations.”

The Biden administration’s outlined cyber priorities have been geared, in part, toward mitigating the threat posed by ransomware to critical services across the country—attacks that, as Goldstein noted, have indiscriminately targeted individuals, organizations, pipelines and schools. 

The White House’s national cybersecurity strategy, released on March 1, called ransomware “a threat to national security, public safety and economic prosperity,” and outlined steps for the federal government to take—including “bolstering critical infrastructure resilience to withstand ransomware attacks”—to better deter cybercriminals. 

President Joe Biden’s fiscal year 2024 federal budget request, released last week, also proposed $3.1 billion in funding for CISA next year—a $145 million increase to the agency’s current budget. The budget document noted that “this includes $98 million to implement the Cyber Incident Reporting for Critical Infrastructure Act.”