United Front: How CISA, Microsoft, and Google are Fortifying Cyber Defenses for free and Empowering Rural Hospitals, Nonprofits and many others

I am thrilled to see organizations and cyber teams uniting to combat cyber threats together! Alongside CISA's diverse array of free or low-cost cybersecurity tools (see below), Microsoft and Google have also stepped up to support our critical infrastructure such as rural hospitals and non profit organization, providing immense value to our society. Please find the links to the CISA free tools below.

As per article in NextGov Microsoft and Google will commit free and low-cost cybersecurity resources to some 2,100 rural hospitals across the U.S. as part of a White House-led initiative to bolster the healthcare sector’s cybersecurity posture. Microsoft will offer grants and discounts of up to 75% on security products tailored for smaller care centers, as well as larger rural hospitals already using the company’s services. It will also provide its most advanced security suite for free for one year, offer gratis cybersecurity assessments for qualified providers and provide training for hospital staff.

In parallel, Google will offer free endpoint security consulting and stand up a funding pool to assist hospitals with software migration. It will also launch a pilot program to help the hospitals develop customized security packages that address their unique infrastructure needs.

CISA provides a curated list of free cybersecurity services and tools from both CISA and various private and public sector organizations. Key offerings include:

1. CISA's No-Cost Services: These help build and maintain a strong cyber framework.

2. External Free Services and Tools: A variety of free resources to advance security capabilities.

3. Top Services: Connect with Regional Cybersecurity Advisors, sign up for Cyber Hygiene Services, and utilize Cybersecurity Performance Goal assessments.

For more details, visit https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools

Free services are:

1. Cyber Hygiene Services

CISA provides a suite of proactive services designed to help organizations improve their cybersecurity posture. 

1.1 Vulnerability Scanning:Continuous scans of public, static IPv4s to identify accessible services and vulnerabilities. Provides weekly reports and ad-hoc alerts.

1.2 Web Application Scanning: Evaluates publicly accessible web applications for vulnerabilities and misconfigurations.Includes monthly detailed reports and on-demand evaluations.

1.3 Additionally, CISA recommends you further protect your organization by identifying assets that are searchable via online tools and taking steps to reduce that exposure. Get your Stuff Off Search - S.O.S. - and reduce Internet attack surfaces that are visible to anyone on web-based search platforms.

These services are available at no cost to federal, state, local, tribal, territorial governments, and public and private sector critical infrastructure organizations.

2. Cybersecurity Exercises

To help organizations prepare for and respond to cyber incidents, CISA conducts various exercises. These exercises simulate real-world scenarios to test and improve the effectiveness of cybersecurity plans and procedures. The exercises are designed to foster collaboration and improve incident response capabilities across sectors.

Cybersecurity Scenarios: Provides realistic scenarios to help organizations prepare for and respond to cybersecurity threats (Ransomware Attack, Insider Threat,Phishing Attack,Detailed Resources guidance. CISA's cybersecurity scenarios focus on threat vectors like ransomware, insider threats, phishing, and industrial control system compromises. These scenarios are part of the Tabletop Exercise Packages (CTEPs) and are designed to help organizations prepare for and respond to various cyber threats. Each scenario includes detailed situation manuals, which provide a comprehensive guide for conducting exercises tailored to specific sectors such as healthcare, elections, and critical manufacturing.

Tabletop Exercise Packages (TTX): free to use and customizable with such as Facilitator Guide, Participant Handbook, Situation Manuals , After-Action Report/Improvement Plan Template for cyber but also cyber-physical convergence scenarios. CISA's Cybersecurity Scenarios provide a series of detailed manuals for conducting tabletop exercises across various sectors, such as healthcare, education, critical manufacturing, and more. These scenarios focus on different cyber threat vectors including ransomware, insider threats, phishing, and industrial control system compromises. Each manual includes objectives, scenarios, and discussion questions to guide organizations in testing and improving their cybersecurity preparedness.

For detailed manuals and further information, visit the page https://www.cisa.gov/resources-tools/resources/cybersecurity-scenarios 

3. Cybersecurity Resources and Publications

CISA publishes a range of resources, including best practices, toolkits, and guidance documents. These materials cover various aspects of cybersecurity, such as securing critical infrastructure, election security, and protecting against threats like phishing, ransomware, and malware.

Shields Up:  Shields Up is a campaign encouraging organizations and individuals to adopt heightened cybersecurity postures.

4. Alerts and Advisories

CISA regularly issues alerts and advisories to inform organizations about current security issues, vulnerabilities, and exploits. This timely information helps organizations stay informed and take necessary actions to protect their systems and data.

5. Partnerships and Collaboration

CISA emphasizes the importance of partnerships between the public and private sectors. By fostering information sharing and collaboration, CISA aims to enhance the collective cybersecurity posture and resilience of critical infrastructure.

6. Automated Indicator Sharing (AIS)

The free Cyber Threat Information Sharing (CTIS) and Automated Information Sharing (AIS) program enables real-time exchange of cyber threat indicators between the federal government and the private sector. This helps participants rapidly identify and mitigate cyber threats.