Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that the agency's automated vulnerability warning program will be ready for full deployment by the end of the year, according to CyberScoop.
More than 2,000 warnings regarding software flaws actively targeted by ransomware gangs have already been provided by the software to nearly 7,000 organizations since being piloted in January 2023 under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, said Easterly at an Institute for Security and Technology-hosted event.
"The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched," Easterly noted.
While alerts will be given to organizations that have already shown interest in the agency's cyber hygiene scanning tool, Easterly said that CISA could also warn entities that have appeared on Shodan and other internet-scanning services.