CISA

Industry:	Government
Founded:	2018
Headquarters:	Arlington, Virginia
Country:	USA
Website:	https://www.cisa.gov/

The Cybersecurity and Infrastructure Security Agency (CISA) is the United States' cyber-risk advisor, seeking to defend against computer and Internet threats and build a secure, resilient ICT infrastructure for the future. CISA is part of the U.S. Department of Homeland Security.^[1]

Overview

The CISA was founded in 2018 as a U.S. federal government agency dedicated to capacity-building for defending against Cyber attacks and providing Cybersecurity tools, incident response services and assessing the capacity to safeguard the .gov networks that support critical infrastructure. The agency collaborates with private and public sectors to deliver technical assistance and assessments. The CISA is also focused on ensuring public safety and emergency interoperable communications at all levels of government.

Leadership

• Director: Jen Easterly
• Deputy Director: Nitin Natarajan
• Executive Director: Brandon Wales
• Executive Assistant Director for Cybersecurity: Eric Goldstein
• Executive Assistant Director for Infrastructure Security: David Mussington^[2]

Stop Ransomware Site

StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware, run by CISA.^[3]

Cyber Hygiene Services

CISA offers scanning and testing services for assessing, identifying, and reducing exposure to threats, including ransomware. These scans:

• Identify externally accessible and thus vulnerable assets and services
• Find website weaknesses and poor configurations
• Determine the susceptibility of an organization’s personnel to opening malicious emails with phishing links
• Test perimeter defenses by mimicking adversial tactics used to gain unauthorized access to networks

CSET

The Cyber Security Evaluation Tool (CSET) is a stand-alone desktop application to help operators systematically evaluate Operational Technology and Information Technology.^[4] It includes the Ransomware Readiness Assessment (RRA) module, which is a self-assessment based on a tiered set of practices to help organizations assess how well they are equipped to defend against and recover from a ransomware incident.^[5]

NRMC

The National Risk Management Center (NRMC), which is housed within the CISA, is a center for planning, analysis, and collaboration toward identifying, prioritizing, and addressing risks to critical infrastructure. The Assistant Director of the NRMC is Bob Kolasky.

Continuous Diagnostics and Mitigation

PAM
Tommy Doyle, the CISA Associate Chief of Security Operations, runs the CDM Program and its privileged access management (PAM) tool. CISA has deployed PAM to 30 information systems with the aim of transitioning to a cohesive enterprise-wide approach. PAM offers:

1. secure access for elevated rights,
2. monitors and records all access continuously, and
3. runs threat analysis to prevent unauthorized access of systems, by examining patterns of how users access

systems and alerting managers if a request falls outside of a user's usual time or place.^[6]

VENOM
VENOM is CISA's PAM-enabled cloud network enclave, which was built from scratch as opposed to adding it as a tool to a legacy network. In summer 2020, VENOM's design, documentation, naming conventions, and account standards were developed and it received authorization to connect to other systems. In fall 2020, penetration tests were conducted and all attempts failed. In January 2021, VENOM was authorized to operate. However, this approach required new user accounts, removing old systems and accounts, and building trust among users.^[7]

Critical Infrastructure

There are 16 sectors whose assets, systems, and networks are so vital to the United States that their incapacitation or destruction would have a debilitating effect on national security, the economy, and public health and safety.^[8]

CISA on Ransomware

CISA's effort to educate the public on ransomware.

References