This is the third article in a series examining the importance of mid-market companies in U.S. critical infrastructure and resources available to help secure them. The first article explained the important role mid-market companies play in critical infrastructure. To learn more about this intersection between mid-market companies and critical infrastructure, please take a few moments to check out the previous articles,
- “Does Your Mid-Market Company Qualify as Critical Infrastructure?” and
- “Critical Infrastructure: DHS Assistance for Mid-Market Companies.”
Why Cyber Defense is Critical for Growing Businesses
In today’s digital age, cybersecurity is no longer a luxury but a necessity. As cyber threats continue to evolve, mid-market companies find themselves increasingly vulnerable. These organizations, often resource-limited, face unique challenges that require robust cybersecurity measures to protect their assets and data.
As with physical security, there is help available from the Department of Homeland security Cybersecurity and Critical Infrastructure Agency (CISA). To learn more I reached out to Bob Kaminski, Cybersecurity Advisor for the Western Pennsylvania Region. Below, he sheds light on why cybersecurity is crucial for mid-market companies and how his work helps these businesses fortify their defenses.
The Growing Threat Landscape
Mid-market companies are often prime targets for cybercriminals. These companies manage substantial amounts of sensitive data and are increasingly using “smart” or web-connected technologies, yet frequently lack the comprehensive security infrastructure of larger enterprises. Kaminski emphasizes the high threat levels faced by these organizations, especially those that fall into the 16 categories of critical infrastructure.
Some of these companies, such as utilities, water treatment plants, and manufacturing facilities face a convergence of physical and cyber domains further complicating the security landscape as more and more internet connected smart technology is implemented such as supervisory control and data acquisition (SCADA) systems, or even simply new equipment that has a variety of sensors for remote monitoring and maintenance. For these, Kaminski works closely with his Protective Security Counterpart, Bob Winters to ensure both the cyber and physical security vulnerabilities are assessed and protected (learn more about Winters and his services in “Critical Infrastructure: DHS Assistance for Mid-Market Companies.”).
Key Services Provided
On the purely cyber side, Kaminski outlined several essential services offered to mid-market companies, all of which are provided at no cost, recognizing that smaller entities with limited resources often need the most help. These services include:
- Assessments and Baseline Reviews: Evaluating the current cybersecurity posture of an organization.
- Preparedness Activities: Facilitating Tabletop Cyber Exercises, Incident Management workshops, and Cybersecurity awareness trainings
- Cyber Hygiene Services: Conducting vulnerability and web application scanning to continuously assess the health of the organization’s internet-accessible assets by checking for known vulnerabilities
- Threat Information: Sharing critical threat intelligence to preempt potential breaches.
Through frequent interactions with various sectors, including K-12 schools, chemical facilities, utilities, and more, Kaminski and the 130 Cybersecurity Advisors across the country provide crucial support.
As small and mid-market companies often operate with limited resources yet face high threat levels. By offering cyber hygiene services, assessments at no cost, and preparedness activities, they help companies enhance their cybersecurity posture while limiting financial strain.
Innovative Tools and Initiatives
Kaminski also said that CISA works with partners to defend against today’s cyber threats and build a more secure and resilient infrastructure for the future. He explained that CISA collaborates with industry partners to develop and pilot free tools. Notable initiatives include “Logging Made Easy” which helps companies set up their data logs so they can be monitored for suspicious activity. Another is the “Cyber Security Evaluation Tool,” or CSET, which according to the CISA website
“provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. Users can evaluate their own cybersecurity stance using many recognized government and industry standards and recommendations.”[i]
These tools are crucial in helping companies detect and respond to cyber threats.
Also, because of the trusted partnerships CISA has with public and private organizations throughout the homeland security enterprise, they stay up-to-date of new vulnerabilities, threats, and trends. If potential vulnerabilities or threats are identified, CISA proactively reaches out to potentially affected companies. A great example of this is the “Ransomware Vulnerability Warning Pilot” through which “CISA leverages existing authorities and technology to proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks. Once CISA identifies these affected systems, our regional cybersecurity personnel notify system owners of their security vulnerabilities, thus enabling timely mitigation before damaging intrusions occur.”[ii]
Cybersecurity Information Sharing Groups
Another initiative Kaminski coordinates is cybersecurity information sharing groups, which play a crucial role in uniting various stakeholders. These groups meet quarterly and pull together individuals from different sectors to discuss threat information and its implications. The meetings typically include presentations on new or evolving threats or technologies, followed by time for discussion and networking.
Meeting participants include a mix of local government representatives, non-cyber professionals (CEOs, COOs, etc.), managed service providers, and cyber practitioners in the information technology and operational technology realms.
Reaching your CISA Cybersecurity Advisor
If you are not sure which region you are in, you can email central@cisa.gov with some information about your company and the location you are inquiring about. Make sure to include that you are seeking to get in touch with the Cyber Security Advisor for your area.
Alternatively, each region maintains an online mailbox, facilitating communication and collaboration directly with personnel in that region. Those are available via the CISA Regions website.
Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to SayCISA@cisa.dhs.gov or by calling 1-844-Say-CISA (1-844-729-2472).
Additionally, CISA has a site dedicated to assistance available for small and medium—sized businesses that contains a mix of physical and cybersecurity assistance.
Conclusion
Cybersecurity is essential for mid-market companies, which face significant threats but often lack the resources to defend themselves adequately. Through comprehensive assessments, threat information sharing, and proactive measures, Kaminski and his colleagues at CISA provide invaluable support to these organizations. By leveraging innovative tools, building trusted partnerships, and fostering information-sharing groups, they help mid-market companies navigate the complex cybersecurity landscape, ensuring their resilience and protection against evolving cyber threats.
Do need help securing your mid-market company? CrisisLead is here to help you navigate risk and prepare for what’s next. Reach out via the “contact us” page on our website, www.crisislead.com.
[i] CISA. (n.d.) Cyber Security Evaluation Tool (CSET). Available from: https://www.cisa.gov/resources-tools/services/cyber-security-evaluation-tool-cset. Accessed 2/7/2025.
[ii] CISA. (n.d.) Ransomware Vulnerability Warning Pilot (RVWP). Available from: https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot. Accessed 2/7/2025.
