The Cybersecurity and Infrastructure Security Agency (CISA) announced a program to warn critical infrastructure organizations of exposure to exploitable vulnerabilities.
- The Ransomware Vulnerability Warning Pilot (RVWP) launched on January 30, 2023. The program is authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) signed into law in March 2022.
- RVWP will use existing services, data, authorities, and technologies to warn critical infrastructure organizations of exposed vulnerabilities and the risk of being exploited.
- The RVWP is focused on designated critical infrastructure, but other organizations are allowed to opt in to this CISA Vulnerability Scanning service.
- CISA regional staff will contact the organization by phone call or email. The identity of the CISA personnel may be verified by contacting CISA Central: Central@cisa.gov or (888) 282-0870.
- The notification will contain information related to the vulnerable system, including the equipment manufacturer and model, the associated IP address, CISA’s method of detection, and recommended resolution.
- An RVWP notification does not imply a compromise nor does the notification require action. An RVWP notification only means that CISA was able to detect the vulnerability.
Actions and/or Recommendations
Be aware of the impact of this CISA program, especially if your organization is designated as a part of the critical infrastructure. Determine if you can take advantage of the RVWP to improve your organization’s cybersecurity posture. Mangan Cybersecurity can assist your organization in finding the answers to these questions.
To find out more about how we can help you manage these directives or shape your rate-incentivized cybersecurity investments, visit Mangan Cybersecurity at https://www.mangancyber.com.
About REAL Matters and Mangan Inc.
REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, to propose approaches to mitigate the risk, and to provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.
Mangan Inc. is a nationally recognized Specialty Engineering, Automation, and Integration company, providing a full range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.