CISA and International Partners Release New Network Security Guidance

Strengthening Global Defences

In a significant move towards strengthening global cybersecurity frameworks, the Cybersecurity and Infrastructure Security Agency (CISA),  in collaboration with the Federal Bureau of Investigation (FBI), has unveiled new guidance titled "Modern Approaches to Network Access Security."

This initiative sees a convergence of efforts from international partners including New Zealand’s Government Communications Security Bureau (GCSB), New Zealand’s Computer Emergency Response Team (CERT-NZ), and the Canadian Centre for Cyber Security (CCCS).

This newly released guidance underscores the urgent need for businesses of all sizes to transition to more advanced security solutions, such as Zero Trust, Secure Service Edge (SSE), and Secure Access Service Edge (SASE).

These frameworks aim to enhance visibility into network activities and mitigate risks associated with traditional remote access and VPN configurations, which have become increasingly vulnerable in the face of sophisticated cyber threats.

CISA's Cross-Sector Cybersecurity Performance Goals (CPGs) play a crucial role in this initiative. These goals represent a common set of protections that all critical infrastructure entities—from large to small—should implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. 

Developed through extensive consultation with industry, government, and experts, the CPGs provide a baseline set of cybersecurity practices with high-impact outcomes, serving as a benchmark for critical infrastructure operators to measure and improve their cybersecurity maturity.

By adopting these practices, small- and medium-sized organisations can prioritise essential security actions, thus kickstarting their cybersecurity efforts. The CPGs are unique as they address both individual and national risks, combining recommended practices for information technology and operational technology owners.

Last year, under the leadership of Home Affairs Minister Clare O’Neil, the Australian Federal Government unveiled its vision for the proposed National Cyber Security Strategy, focusing on a holistic approach towards cyber security adding resources including tailored strategies on education for small and medium businesses. 

Released on November 22, 2023, the 2023-2030 Australian Cyber Security Strategy aims to position Australia as a global leader in cybersecurity by 2030.

‍

‍

The strategy emphasises six key cyber shields: strong businesses and citizens, safe technology, world-class threat sharing and blocking, protected critical infrastructure, sovereign capabilities, and resilient regional and global leadership.

The Australian Government has taken concrete steps by appointing a Cyber Coordinator lead by military intelligence veteran Michelle McGuinness In charge to responding to major cyber incidents and by enhancing cyber incident reporting through Project REDSPICE. The one-stop shop at cyber.gov.au simplifies incident reporting, making it easier for businesses to meet their regulatory obligations.

The release of guidance by CISA and its international partners marks a positive step towards concerted global cybersecurity cooperation.

This collaborative approach helps establish a unified framework for network access security, enhances threat intelligence sharing, and promotes the adoption of cutting-edge security models. As businesses worldwide grapple with evolving threats, adherence to this guidance is crucial in safeguarding network access and maintaining robust security postures.