Not long ago, President Joe Biden signed an Executive Order calling for stronger cybersecurity reforms across the public and private sectors in the country. It was specifically aimed at closing the gaps and fixing the loopholes that threat actors have repeatedly exploited in the recent past. Biden referenced in particular the SolarWinds incident and the wave of ransomware attacks that hit U.S. hospitals at the end of 2020 and has been rising since. In line with this executive order, and with the intent of addressing the ransomware menace immediately, NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a preliminary draft titled “Cybersecurity Framework Profile for Ransomware Risk Management” that is currently open for public comment.
Ransomware Risk Management
The ransomware risk management profile established in this draft is based on NIST’s Cybersecurity Framework version 1.1 and is built on its five core functions: identify, protect, detect, respond, and recover. Each function is further divided into several categories and subcategories with selected informative references, which guide the implementation needed to achieve the objective of each core function. NIST additionally describes how ransomware can affect each core function of the Cybersecurity Framework and how to effectively manage ransomware risk in each of these cases.
Among the basic measures listed in this draft by NIST, the most common yet effective recommendations against any form of cyberattack include an antivirus solution, timely patch application, role-based access control (RBAC), and a backup and restore plan. However, one of the most important steps for recovery from a ransomware attack is an incident recovery plan, which NIST highlights and says “could be a part of a continuity plan as well.”
According to NIST, the Ransomware Profile is intended for and applicable to organizations that:
- Have already adopted the Cybersecurity Framework.
- Are familiar with the Cybersecurity Framework and want to improve their risk posture.
- Are unfamiliar with the Cybersecurity Framework but need to implement a risk management framework to meet ransomware threats.
The first draft of the ransomware profile will be open for comments until July 9, 2021, after which it will be revised and/or extended based on the recommendations received and released again for a further round of comments. Only after this will the final version of the Ransomware Risk Management document be published for broader implementation.