文章总结： CISA呼吁关键基础设施组织应对内部威胁并发布组建多学科团队的新指导。内部威胁分为恶意行为和无意失误。CISA建议组织建立跨学科团队并营造信任文化，赋能员工主动预防与举报威胁。该指导旨在帮助组织提升韧性，主动检测并缓解因内部因素导致的系统与运营风险。 综合评分： 83 文章分类： 安全建设,安全运营,安全意识,解决方案

CISA敦促关键基础设施组织对内部威胁采取行动

原创

草根老烦 草根老烦

老烦的草根安全观

2026年1月30日 09:12 广东

CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats

New Guidance Empowers Stakeholders Build Strong, Multi-Disciplinary Threat Management Teams

ReleasedJanuary 28, 2026

Related topics: Cybersecurity Best Practices

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) is calling on critical infrastructure organizations to take decisive action against insider threats. To support this effort, CISA has released today a powerful new resource—Assembling a Multi-Disciplinary Insider Threat Management Team. Designed for critical infrastructure entities and state, local, tribal, and territorial (SLTT) governments, this comprehensive infographic provides actionable strategies guidance to proactively prevent, detect and mitigate insider threats-helping organizations stay ahead of evolving organizational vulnerabilities.

Insider threats often take two forms: calculated acts of harm and unintentional mistakes. Malicious insiders may exploit access for personal gain or revenge, causing severe damage to systems and trust, At the same time, negligence or simple human errors can open the door to vulnerabilities that adversaries can exploit. Whether driven by intent or accident, insider threats pose one of the most serious risks to organizational security and resilience- demanding proactive measures to detect, prevent and respond.

“Insider threats remain one of the most serious challenges to organizational security because they can erode trust and disrupt critical operations.” said Acting CISA Director Dr. Madhu Gottumukkala. “CISA is committed to helping organizations confront this risk head-on by delivering practical strategies, expert guidance, and actionable resources that empower leaders to act decisively —building resilient, multi-disciplinary teams, fostering accountability, and safeguarding the systems Americans rely on every day.”

In today’s dynamic threat landscape, insider threat management teams can play a vital role in organizational resilience and should not be viewed as optional—they are essential. By following this roadmap and implementing its recommendations, organizations can reduce vulnerabilities, prevent workplace violence, and transform vulnerability into strength, ultimately reinforcing their defenses against evolving threats.

“Insider threats can disrupt operations, compromise safety, and cause reputational damage without warning. Organizations with mature insider threat programs are more resilient to disruptions, should they occur. People are the first and best line of defense against malicious insider threats and organizations should act now to safeguard their people and assets,” said CISA Executive Assistant Director for Infrastructure Security Steve Casapulla. “With input from our industry and government partners, our new infographic delivers clear, actionable guidance for building insider threat management teams. We encourage leadership to draw expertise from across departments for a holistic defense, while fostering a culture of trust where employees feel empowered to report concerns and stop threats before they escalate.”

CISA敦促关键基础设施组织对内部威胁采取行动

新指导赋能利益相关者组建强大且多学科的威胁管理团队

2026年1月28日发布

相关话题： 网络安全最佳实践

华盛顿——网络安全与基础设施安全局（CISA）呼吁关键基础设施组织对内部威胁采取果断行动。为支持这一努力，CISA今日发布了一项强有力的新资源——组建多学科内部威胁管理团队。该综合信息图面向关键基础设施实体以及州、地方、部落和领地（SLTT）政府，提供了可作的策略指导，以主动预防、检测和缓解内部威胁，帮助组织领先于不断演变的组织脆弱性。

内部威胁通常有两种形式：有计划的伤害行为和无意的错误。恶意内部人员可能利用访问权限谋取私利或报复，严重损害系统和信任。同时，疏忽或简单的人为失误也可能暴露漏洞，敌人可利用这些漏洞。无论是出于意图还是意外，内部威胁都是组织安全和韧性面临的最严重风险之一——需要采取主动措施来检测、预防和应对。

代理CISA主任马杜·戈图穆卡拉博士表示：“内部威胁仍然是组织安全面临的最严重挑战之一，因为它们可能侵蚀信任并扰乱关键行动。”“CISA致力于通过提供切实可行的战略、专家指导和可作资源，帮助组织正面应对这一风险，赋能领导者果断行动——建立有韧性的多学科团队，促进问责制，并保护美国人每天依赖的系统。”

在当今动态的威胁环境中，内部威胁管理团队在组织韧性中发挥着至关重要的作用，不应被视为可选——它们是必不可少的。通过遵循该路线图并落实其建议，组织可以减少脆弱性，预防职场暴力，并将脆弱性转化为力量，最终强化对不断演变威胁的防御。

“内部威胁可能毫无预警地干扰运营，危及安全，并造成声誉损害。拥有成熟内部威胁项目的组织，在发生中断时更具韧性。CISA基础设施安全执行助理主任Steve Casapulla表示，人是抵御恶意内部威胁的第一道也是最好的防线，组织应立即采取行动保护其人员和资产。在行业和政府合作伙伴的反馈下，我们的新信息图为构建内部威胁管理团队提供了清晰且可作的指导。我们鼓励领导层从各部门汇聚专业知识，实现全面的防御，同时营造信任文化，使员工能够在威胁升级前报告关切并制止威胁。”

免责声明：

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景，旨在提升网络安全防护能力，具有明确的技术研究属性。

任何单位或个人未经授权，将本文内容用于攻击、破坏等非法用途的，由此引发的全部法律责任、民事赔偿及连带责任，均由行为人独立承担，本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布，若存在版权侵权或其他异议，请通过邮件联系处理，具体联系方式可点击页面上方的联系我。

本文转载自：老烦的草根安全观 草根老烦 草根老烦《CISA敦促关键基础设施组织对内部威胁采取行动》