Cybersecurity and Infrastructure Security Agency

From ICANNWiki
Revision as of 16:02, 5 August 2021 by Jessica
Industry: Government
Founded: 2018
Headquarters: Arlington, Virginia
Country: USA
Website: https://www.cisa.gov/

The Cybersecurity and Infrastructure Security Agency (CISA) is the United States' cyber-risk advisor, seeking to defend against computer and Internet threats and build a secure, resilient ICT infrastructure for the future. CISA is part of the U.S. Department of Homeland Security.[1]

Overview

CISA was founded in 2018 as a U.S. federal government agency dedicated to building capacity to defend against cyberattacks, providing cybersecurity tools and incident response services, and assessing the capacity to safeguard the .gov networks that support critical infrastructure. The agency collaborates with the private and public sectors to deliver technical assistance and assessments. CISA is also focused on ensuring public safety and interoperable emergency communications at all levels of government.

Leadership

Stop Ransomware Site

StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware, run by CISA.


NRMC

The National Risk Management Center (NRMC), which is housed within the CISA, is a center for planning, analysis, and collaboration toward identifying, prioritizing, and addressing risks to critical infrastructure. The Assistant Director of the NRMC is Bob Kolasky.

Continuous Diagnostics and Mitigation

PAM
Tommy Doyle, the CISA Associate Chief of Security Operations, runs the CDM Program and its privileged access management (PAM) tool. CISA has deployed PAM to 30 information systems with the aim of transitioning to a cohesive enterprise-wide approach. PAM:

  1. provides secure access for elevated rights,
  2. monitors and records all access continuously, and
  3. runs threat analysis to prevent unauthorized access to systems, by examining patterns of how users access systems and alerting managers if a request falls outside of a user's usual time or place.[3]
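
The time-or-place check described in item 3, sketched as an added example (not from the original page, and not the code of CISA or of any PAM product). The record layout, site names, thresholds and function names are assumptions, and the access history is constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed history of privileged-access requests: (user, timestamp, source site).
HISTORY = [
    ("alice", "2021-03-01T09:05:00", "HQ"),
    ("alice", "2021-03-02T10:40:00", "HQ"),
    ("alice", "2021-03-03T14:15:00", "HQ"),
    ("alice", "2021-03-04T16:55:00", "VPN-East"),
    ("alice", "2021-03-05T11:20:00", "HQ"),
    ("bob",   "2021-03-01T23:10:00", "SOC"),
    ("bob",   "2021-03-02T00:30:00", "SOC"),
    ("bob",   "2021-03-03T22:45:00", "SOC"),
    ("bob",   "2021-03-04T23:50:00", "SOC"),
    ("bob",   "2021-03-05T01:05:00", "SOC"),
]

def build_baseline(history, min_events=5):
    """Map each user with enough history to the hours and sites they usually use."""
    seen = defaultdict(lambda: {"hours": set(), "sites": set(), "n": 0})
    for user, ts, site in history:
        profile = seen[user]
        profile["hours"].add(datetime.fromisoformat(ts).hour)
        profile["sites"].add(site)
        profile["n"] += 1
    return {u: p for u, p in seen.items() if p["n"] >= min_events}

def hour_gap(a, b):
    """Distance between two clock hours on a 24-hour circle (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def review_request(user, ts, site, baseline, slack=1):
    """Return the reasons a request is unusual; an empty list means it fits the baseline."""
    profile = baseline.get(user)
    if profile is None:
        return ["no_baseline"]  # too little history: escalate rather than silently allow
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if min(hour_gap(hour, h) for h in profile["hours"]) > slack:
        reasons.append("unusual_time")
    if site not in profile["sites"]:
        reasons.append("unusual_place")
    return reasons

BASELINE = build_baseline(HISTORY)
```

The circular hour distance matters for night-shift users such as the constructed "bob": a request at 02:00 is one hour from his usual 01:00 and is not flagged, while a noon request is.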

VENOM
VENOM is CISA's PAM-enabled cloud network enclave, which was built from scratch rather than added as a tool to a legacy network. In summer 2020, VENOM's design, documentation, naming conventions, and account standards were developed, and it received authorization to connect to other systems. In fall 2020, penetration tests were conducted and all attempts failed. In January 2021, VENOM was authorized to operate. However, this approach required creating new user accounts, removing old systems and accounts, and building trust among users.[4]

Critical Infrastructure

There are 16 sectors whose assets, systems, and networks are so vital to the United States that their incapacitation or destruction would have a debilitating effect on national security, the economy, and public health and safety.[5]

| Sector | Risk Management Agency[6] | Most vulnerable to Cyberattacks[7] |
|---|---|---|
| Chemical | DHS | |
| Commercial Facilities | DHS | |
| Communications | DHS | X |
| Critical Manufacturing | DHS | X |
| Dams | DHS | |
| Defense Industrial Base | DOD | |
| Emergency Services | DHS | |
| Energy | DOE | X |
| Financial Services | Treasury Department | |
| Food & Agriculture | HHS | |
| Government Facilities | General Services Administration & DHS | |
| Healthcare & Public Health | HHS | X |
| Information Technology | DHS | X |
| Nuclear | DHS | |
| Transportation | DHS & Transportation Department | X |
| Water | EPA | |

CISA on Ransomware

CISA's effort to educate the public on ransomware.


References