Here’s everything you need to know about CISA
In July, officials from the Department of Homeland Security (DHS) confirmed a very scary rumor: hackers working for the Russian government had hacked the U.S. power grid, gaining a level of access at which they could have cut off power to U.S. citizens.
Clearly, U.S. infrastructure simply isn’t effectively protected against cyberattacks — but that could change thanks to newly-signed legislation.
On Friday, President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018, thereby establishing the first agency devoted to defending U.S. infrastructure from both cyber and physical attacks.
According to the DHS website, CISA will include a National Cybersecurity and Communications Integration Center (NCCIC) that will serve as the U.S. government’s go-to resource for anything related to cybersecurity. NCCIC will respond to any cybersecurity threats, ensure all .gov websites remain secure, and provide the government with cybersecurity defense capabilities.
CISA will also coordinate all cybersecurity efforts between the government and its private partners, ensuring both are properly trained and prepared to handle cyberattacks. In the event there is an attack on U.S. critical infrastructure, CISA is tasked with coordinating response efforts and facilitating effective communication.
Power to the People
We still don’t know for sure that the Russian attack on U.S. power companies is over. Some companies might not even know Russia hacked their systems, meaning they might not have taken any action to address the situation. In other words, Russia could still have access to those power companies’ control rooms.
That isn’t the only known example of a cyberattack on U.S. infrastructure, either, and it certainly won’t be the last. Nations will likely wage the wars of the future from behind keyboards, and by establishing CISA, the U.S. government is showing that it’s doing what it can to prepare for the era of cyber combat.
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA).
- CISA leads the national effort to defend critical infrastructure against the threats of today, while working with partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow.
- The name CISA brings recognition to the work being done, improving its ability to engage with partners and stakeholders, and recruit top cybersecurity talent.
What Does CISA Do?
CISA is responsible for protecting the Nation’s critical infrastructure from physical and cyber threats. This mission requires effective coordination and collaboration among a broad spectrum of government and private sector organizations.
Proactive Cyber Protection
- CISA’s National Cybersecurity and Communications Integration Center (NCCIC) provides 24×7 cyber situational awareness, analysis, incident response and cyber defense capabilities to the Federal government; state, local, tribal and territorial governments; the private sector and international partners.
- CISA provides cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies.
- CISA coordinates security and resilience efforts using trusted partnerships across the private and public sectors, and delivers training, technical assistance, and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide.
- CISA provides consolidated all-hazards risk analysis for U.S. critical infrastructure through the National Risk Management Center.
- CISA enhances public safety interoperable communications at all levels of government, providing training, coordination, tools and guidance to help partners across the country develop their emergency communications capabilities.
- Working with stakeholders across the country, CISA conducts extensive, nationwide outreach to support and promote the ability of emergency response providers and relevant government officials to continue to communicate in the event of natural disasters, acts of terrorism, and other man-made disasters.
Organizational Changes Related to the CISA Act
The CISA Act establishes three divisions in the new agency: Cybersecurity, Infrastructure Security and Emergency Communications.
- The Act transfers the Office of Biometrics Identity Management (OBIM) to DHS’s Management Directorate. Placement within the DHS Headquarters supports expanded collaboration and ensures OBIM’s capabilities are available across the DHS enterprise and the interagency.
- The bill provides the Secretary of Homeland Security the flexibility to determine an alignment of the Federal Protective Service (FPS) that best supports its critical role of protecting federal employees and securing federal facilities across the nation and territories.