CISA and partners release guide for civil society organisations to address cyber threats
The US Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and several international partners from the UK, Estonia, Canada, Japan, and Finland, released a guide on Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society.
This publication provides civil society organizations (CSOs) and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages software manufacturers to implement security-by-design practices that are necessary to help protect vulnerable and high-risk communities.
‘These high-risk community organizations often lack cyber threat information and security resources. With our federal and international partners, we are providing this resource to help these organizations better understand the cyber threats they face and help them improve their cyber safety’, added Jen Easterly, Director of CISA.
According to the guide, civil society is made up of organizations and individuals that are considered high-risk communities: nonprofit, advocacy, cultural, faith-based, and academic organizations, think tanks, journalists, dissidents, diaspora organizations, and communities involved in defending human rights and advancing democracy. The authors note that these organizations and their employees are often targeted by state-sponsored threat actors who seek to undermine democratic values and interests. Recommendations include regular software updates, adopting multi-factor authentication (MFA), and implementing the principle of least privilege to reduce vulnerabilities, among others.
CISA and partners also encourage software manufacturers to review and implement mitigations and practices to protect CSOs. In particular, the guide says software manufacturers should implement vulnerability management to eliminate entire classes of vulnerability in their products, enable MFA by default in all products, provide logging at no additional charge to the customer, alert customers of suspicious behaviour on their networks, and include details of a secure by design concept in corporate financial reports.