Ransomware Vulnerability Warning Pilot Program

Advisory Details

Issue Date:

March 27, 2023
Importance

Medium High
Summary

Ransomware Vulnerability Warning Pilot Program
Systems Impacted

All organizations designated as ‘Critical Infrastructure’
PDF Download

The Cybersecurity and Infrastructure Security Agency (CISA) announced a program to warn critical infrastructure organizations of exposure to exploitable vulnerabilities.

The Ransomware Vulnerability Warning Pilot (RVWP) launched on January 30, 2023. The program is authorized by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) signed into law in March 2022.
RVWP will use existing services, data, authorities, and technologies to warn critical infrastructure organizations of exposed vulnerabilities and the risk of being exploited.
The RVWP is focused on the designated critical infrastructure, but other organizations are allowed to opt-in to this CISA Vulnerability Scanning service.
The CISA regional staff will contact the organization by phone call or email. The CISA personnel may be verified by contacting the CISA Central: Central@cisa.gov or (888) 282-0870.
The notification will contain information related with the vulnerable system including the equipment manufacturer and model, the associated IP address, CISA’s method of detection, and recommended resolution.
An RVWP notification does not imply a compromise nor does the notification require action. An RVWP notification only means that CISA was able to detect the vulnerability.

Actions and/or Recommendations

Be aware of the impact of this CISA program especially if your organization is designated as a part of the critical infrastructure. Determine if you can take advantage of the RVWP to improve your organization’s cybersecurity posture. Mangan Cybersecurity can assist your organization to find the answers to these questions.

To find out more about we can help you manage these directives or shape your rate incentivized cybersecurity investments visit Mangan Cybersecurity at https://www.mangancyber.com.

About REAL Matters and Mangan Inc.

REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.

Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.

TSA pipeline cybersecurity planning, testing and mitigation.

OT cybersecurity threat analysis services.

Cybersecurity tolerance profiles for your organization.

Specifically developed to meet your organization’s objectives.

Alignment of your business risk tolerance, continuity, and budgets.

Coordination, assessments, evaluations, and remediation strategies for cybersecurity.

Time to recovery from a cyberattack is of the essence.

The heart of cybersecurity preparedness and proactivity.

Training specifically addressing OT cybersecurity concerns and approaches.

Navigate and develop your OT cybersecurity documentation and compliance.

Putting your plan into action with OT cybersecurity remediation services.

Ransomware Vulnerability Warning Pilot Program

Advisory Details

Actions and/or Recommendations

About REAL Matters and Mangan Inc.

What types of businesses need OT Cybersecurity?

Should an OT Cybersecurity Program be managed in-house or externally?

What are common challenges in OT Cybersecurity?