CISA is building an automated ransomware warning program

Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), announced plans to launch an automated vulnerability warning program by year’s end. This initiative, mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022, is currently in a pilot phase and aims to mitigate ransomware attacks by alerting organizations about exploitable software vulnerabilities.

Speaking at an event hosted by the Institute for Security and Technology, Easterly detailed that the program uses vulnerability scanning tools to inform businesses of security weaknesses needing urgent patching. Since its inception in January last year, the pilot program has issued 2,049 warnings and has expanded to leverage CISA’s database of known exploited vulnerabilities and typical misconfigurations associated with ransomware attacks.

The Daily Scoop Podcast is available every Monday-Friday afternoon.
If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts and Spotify.