Jump to content

Cybersecurity and Infrastructure Security Agency

(Redirected from CISA)
Organization
Focus Government
Region NA
Country
  • United States of America
City Arlington, Virginia
Founded 2018
Websites

The Cybersecurity and Infrastructure Security Agency (CISA) is the United States' cyber-risk advisor, seeking to defend against computer and Internet threats and build a secure, resilient ICT infrastructure for the future. CISA is part of the U.S. Department of Homeland Security.[1]

Overview[edit | edit source]

The CISA was founded in 2018 as a U.S. federal government agency dedicated to capacity-building for defending against Cyber attacks and providing Cybersecurity tools, incident response services and assessing the capacity to safeguard the .gov networks that support critical infrastructure. The agency collaborates with private and public sectors to deliver technical assistance and assessments. The CISA is also focused on ensuring public safety and emergency interoperable communications at all levels of government.

Leadership[edit | edit source]

Stop Ransomware Site[edit | edit source]

StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware, run by CISA.[3]

Cyber Hygiene Services[edit | edit source]

CISA offers scanning and testing services for assessing, identifying, and reducing exposure to threats, including ransomware. These scans:

  • Identify externally accessible and thus vulnerable assets and services
  • Find website weaknesses and poor configurations
  • Determine the susceptibility of an organization’s personnel to opening malicious emails with phishing links
  • Test perimeter defenses by mimicking adversial tactics used to gain unauthorized access to networks

CSET[edit | edit source]

The Cyber Security Evaluation Tool (CSET) is a stand-alone desktop application to help operators systematically evaluate Operational Technology and Information Technology.[4] It includes the Ransomware Readiness Assessment (RRA) module, which is a self-assessment based on a tiered set of practices to help organizations assess how well they are equipped to defend against and recover from a ransomware incident.[5]

NRMC[edit | edit source]

The National Risk Management Center (NRMC), which is housed within the CISA, is a center for planning, analysis, and collaboration toward identifying, prioritizing, and addressing risks to critical infrastructure. The Assistant Director of the NRMC is Bob Kolasky.

Continuous Diagnostics and Mitigation[edit | edit source]

PAM
Tommy Doyle, the CISA Associate Chief of Security Operations, runs the CDM Program and its privileged access management (PAM) tool. CISA has deployed PAM to 30 information systems with the aim of transitioning to a cohesive enterprise-wide approach. PAM offers:

  1. secure access for elevated rights,
  2. monitors and records all access continuously, and
  3. runs threat analysis to prevent unauthorized access of systems, by examining patterns of how users access

systems and alerting managers if a request falls outside of a user's usual time or place.[6]

VENOM
VENOM is CISA's PAM-enabled cloud network enclave, which was built from scratch as opposed to adding it as a tool to a legacy network. In summer 2020, VENOM's design, documentation, naming conventions, and account standards were developed and it received authorization to connect to other systems. In fall 2020, penetration tests were conducted and all attempts failed. In January 2021, VENOM was authorized to operate. However, this approach required new user accounts, removing old systems and accounts, and building trust among users.[7]

Critical Infrastructure[edit | edit source]

There are 16 sectors whose assets, systems, and networks are so vital to the United States that their incapacitation or destruction would have a debilitating effect on national security, the economy, and public health and safety.[8]

Sector Risk Management Agency[9] Most vulnerable to Cyberattacks[10]
Chemical DHS
Commercial Facilities DHS
Communications DHS X
Critical Manufacturing DHS X
Dams DHS
Defense Industrial Base DOD
Emergency Services DHS
Energy DOE X
Financial Services Treasury Department
Food & Agriculture HHS
Government Facilities General Services Administration & DHS
Healthcare & Public Health HHS X
Information Technology DHS X
Nuclear DHS
Transportation DHS & Transportation Department X
Water EPA

CISA on Ransomware[edit | edit source]

CISA's effort to educate the public on ransomware.


References[edit | edit source]

  1. CISA Homepage
  2. Leadership, CISA
  3. Resources, Stop Ransomware, CISA
  4. CSET, CISA
  5. RRA, CISA News Release
  6. PAM success story, CISA
  7. PAM success story, CISA
  8. Guidance on Critical Infrastructure Sectors, CISA
  9. CI Sectors, CISA
  10. Cyberattacks on CI, Allianz

North America, according to the ICANN Geographic Regions (ICANN Geographic Regions).

Retrieved from "https://icannwiki.org/index.php?title=Cybersecurity_and_Infrastructure_Security_Agency&oldid=1373031"
... more about "Cybersecurity and Infrastructure Security Agency"
RDF feed
Date foundedStores the date that an object was founded, normalized to the "Month DD, YYYY" format.
2018 +
Has ICANN regionAssociates an object with an ICANN-determined Geographic Region.
NA +
Has cityStores the city associated with an object. This value does not get normalized.
Arlington, Virginia +
Has countryAssociates a page with a country. Territory names are extracted from ISO 3166, "Country Codes".
United States of America +
Has entity typeSpecifies the primary classification or fundamental type of the page's subject (e.g., Event, Organization, Person).
Organization +
Has focusAssociates an object with a focus theme. Not normalized.
Government +