Cybersecurity and Infrastructure Security Agency

Last updated
Cybersecurity and Infrastructure Security Agency
Seal of Cybersecurity and Infrastructure Security Agency.svg
Seal of CISA
Cybersecurity and Infrastructure Security Agency new headquarters visualization.jpg
CISA's future headquarters on the Elizabeth's Campus in Washington, D.C.
Agency overview
FormedNovember 26, 2018;5 years ago (2018-11-26)
Preceding
  • National Protection and Programs Directorate
Jurisdiction United States Federal Government
Headquarters Washington, DC, United States
Motto"America's Cyber Defense Agency"
Employees3,161 (2023) [1]
Annual budget$2.9 billion (2023)
Agency executives
Parent department Department of Homeland Security
Website cisa.gov

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers. [4]

Contents

The agency began in 2007 as the DHS National Protection and Programs Directorate. [4] [5] With the Cybersecurity and Infrastructure Security Agency Act of 2018, CISA's footprint grew to include roles in securing elections and the census, managing National Special Security Events, and the U.S. response to the COVID-19 Pandemic. [6] It has also been involved in 5G network security and hardening the US grid against electromagnetic pulses (EMPs). [6] The Office for Bombing Prevention leads the national counter-IED effort. [7]

Currently headquartered in Arlington, Virginia, in 2025 CISA is planning to move its headquarters along with 6,500 employees to a new 10 story, 620,000 sq ft building on the consolidated DHS St. Elizabeths campus headquarters. [8]

History

The National Protection and Programs Directorate (NPPD) was formed in 2007 as a component of the United States Department of Homeland Security. [9] NPPD's goal was to advance the Department's national security mission by reducing and eliminating threats to U.S. critical physical and cyber infrastructure.

On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within DHS, establishing the Cybersecurity and Infrastructure Security Agency (CISA). [10] CISA is a successor agency to NPPD, and assists both other government agencies and private sector organizations in addressing cybersecurity issues. [11] Former NPPD Under-Secretary Christopher Krebs was CISA's first Director, and former Deputy Under-Secretary Matthew Travis was its first deputy director. [12] [13]

On January 22, 2019, CISA issued its first Emergency Directive (19-01: Mitigate DNS Infrastructure Tampering) [14] warning that "an active attacker is targeting government organizations" using DNS spoofing techniques to perform man-in-the-middle attacks. [15] Research group FireEye stated that "initial research suggests the actor or actors responsible have a nexus to Iran." [16]

In 2020, CISA created a website, titled Rumor Control, to rebut disinformation associated with the 2020 United States presidential election. [17] On November 12, 2020, CISA issued a press release asserting, "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised." [18] On the same day, Director Krebs indicated that he expected to be dismissed from his post by the Trump administration. [19] Krebs was subsequently fired by President Trump on November 17, 2020 [20] via tweet for his comments regarding the security of the election. [21]

Secretary of Homeland Security Alejandro Mayorkas at CISA's current headquarters in Arlington, Virginia in 2021. DHS Secretary Alejandro Mayorkas Participates in CISA Swearing In Ceremony - 51369641326.jpg
Secretary of Homeland Security Alejandro Mayorkas at CISA's current headquarters in Arlington, Virginia in 2021.

On July 12, 2021, the Senate confirmed Jen Easterly by a voice vote. [22] Easterly's nomination had been reported favorably out of Senate Committee on Homeland Security and Governmental Affairs on June 16, but a floor vote had been reportedly held (delayed) by Senator Rick Scott over broader national security concerns, until the President or Vice President had visited the southern border with Mexico. [23] Easterly hired new staff to monitor online disinformation to enhance what she called the nation's "cognitive infrastructure" and utilized the existing rumor control website during the 2021 elections. [24]

In September 2022, CISA released their 2023–2025 CISA Strategic Plan, the first comprehensive strategy document since the agency was established in 2018. [25]

Organization

Real Fake, a 2020 graphic novel from CISA about disinformation and misinformation campaigns Resilience Series 01 Real Fake.pdf
Real Fake, a 2020 graphic novel from CISA about disinformation and misinformation campaigns

CISA divisions include the: [26]

Programs

The Continuous Diagnostics and Mitigations program provides cybersecurity tools and services to federal agencies. [28] [29]

CISA issues "binding operational directives" that require federal government agencies to take action against specific cybersecurity risks. [30]

In March 2021, CISA assumed control of the .gov top-level domain (TLD) from the General Services Administration. CISA manages the approval of domains and operates the TLD Domain Name System nameservers. In April 2021, CISA removed the fee for registering domains. [31] In January 2023, Cloudflare received a $7.2M contract to provide DNS registry and hosting services for the TLD. [32]

CISA provides incident response services to the federal executive branch and US-based entities.

CISA manages the EINSTEIN intrusion detection system to detect malicious activity on federal government agency networks.

The National Defense Authorization Act for Fiscal Year 2021 granted CISA the authority to issue administrative subpoenas in order to identify the owners of internet connected critical infrastructure related devices with specific vulnerabilities. In 2021, CISA issued 47 subpoenas. [33]

In August 2021, Easterly stated "One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important." [34]

In 2021, CISA released a report that provided guidance for how to navigate and prevent ransomware incidents. This was due to a significant jump in recent attacks related to ransomware. [35]

Committees

Cybersecurity Advisory Committee

In 2021, the Agency created the Cybersecurity Advisory Committee with the following members: [36]

Directors

No.DirectorTerm
PortraitNameTook officeLeft officeTerm length
1
Chris Krebs official photo.jpg
Krebs, Chris C. Chris C. Krebs 16 November 201817 November 20202 years, 1 day
2
Director-Jen-Easterly-portrait.jpg
Easterly, Jen M. Jen M. Easterly 13 July 2021Incumbent3 years, 53 days

See also

Related Research Articles

<span class="mw-page-title-main">United States Department of Homeland Security</span> United States federal executive department

The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terrorism, border security, immigration and customs, cyber security, and disaster prevention and management.

<span class="mw-page-title-main">.gov</span> Sponsored top-level Internet domain used by United States federal and state governments

The domain name gov is a sponsored top-level domain (sTLD) in the Domain Name System of the Internet. The name is derived from the word government, indicating its restricted use by government entities. The TLD is administered by the Cybersecurity and Infrastructure Security Agency (CISA), a component of the United States Department of Homeland Security.

The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).

<span class="mw-page-title-main">National Cyber Security Division</span>

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003.

An information assurance vulnerability alert (IAVA) is an announcement of a computer application software or operating system vulnerability notification in the form of alerts, bulletins, and technical advisories identified by US-CERT, https://www.us-cert.gov/ US-CERT is managed by National Cybersecurity and Communications Integration Center (NCCIC), which is part of Cybersecurity and Infrastructure Security Agency (CISA), within the U.S. Department of Homeland Security (DHS). CISA, which includes the National Cybersecurity and Communications Integration Center (NCCIC) realigned its organizational structure in 2017, integrating like functions previously performed independently by the U.S. Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). These selected vulnerabilities are the mandated baseline, or minimum configuration of all hosts residing on the GIG. US-CERT analyzes each vulnerability and determines if it is necessary or beneficial to the Department of Defense to release it as an IAVA. Implementation of IAVA policy will help ensure that DoD Components take appropriate mitigating actions against vulnerabilities to avoid serious compromises to DoD computer system assets that would potentially degrade mission performance.

The EINSTEIN System is a network intrusion detection and prevention system that monitors the networks of US federal government departments and agencies. The system is developed and managed by the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security (DHS).

<span class="mw-page-title-main">Director of the Cybersecurity and Infrastructure Security Agency</span>

The Director of the Cybersecurity and Infrastructure Security Agency is a high level civilian official in the United States Department of Homeland Security. The Director, as head of Cybersecurity and Infrastructure Security Agency at DHS, is the principal staff assistant and adviser to both the Secretary of Homeland Security and the Deputy Secretary of Homeland Security for all DHS programs designed to reduce the nation's risk to terrorism and natural disasters. The Director is appointed from civilian life by the President with the consent of the Senate to serve at the pleasure of the President.

The National Cybersecurity Alliance (NCA), is an American nonprofit 501(c)(3) organization which promotes cyber security awareness and education. The NCA works with various stakeholders across government, industry, and civil society promoting partnerships between the federal government and technology corporations. NCA's primary federal partner is the Cybersecurity and Infrastructure Security Agency within the U.S. Department of Homeland Security.

<span class="mw-page-title-main">Cybersecurity Information Sharing Act</span>

The Cybersecurity Information Sharing Act is a United States federal law designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes". The law allows the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bill was introduced in the U.S. Senate on July 10, 2014, and passed in the Senate on October 27, 2015. Opponents question CISA's value, believing it will move responsibility from private businesses to the government, thereby increasing vulnerability of personal private information, as well as dispersing personal private information across seven government agencies, including the NSA and local police.

The Center for Internet Security (CIS) is a US 501(c)(3) nonprofit organization, formed in October 2000. Its mission statement professes that the function of CIS is to " help people, businesses, and governments protect themselves against pervasive cyber threats."

The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.

<span class="mw-page-title-main">Cybersecurity and Infrastructure Security Agency Act</span> United States law establishing the Cybersecurity and Infrastructure Security Agency

The Cybersecurity and Infrastructure Security Agency Act of 2018 was signed by president Donald Trump on November 16, 2018, to establish the Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security. The act was introduced into the United States House of Representatives by Michael McCaul (R-TX-10) on July 24, 2017. It received committee consideration from the House Homeland Security, House Energy and Commerce, House Oversight and Government Return, and House Transportation and Infrastructure, though it was discharged by the Committee on Energy and Commerce, the Committee on Government Oversight and Return, and the Committee on Transportation. It passed the House of Representatives on December 11, 2017, via vocal vote, passed the Senate on October 3, 2018, by unanimous consent, and agreed upon by the House again on November 13, 2018.

<span class="mw-page-title-main">Matthew Travis</span> American businessman & government official

Matthew Travis is a businessman and former American government official. He served as the Deputy Director for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). Travis served as Deputy Under Secretary for the National Protection and Programs Directorate (NPPD) before the agency became CISA on November 16, 2018.

<span class="mw-page-title-main">Chris Krebs</span> American cybersecurity and infrastructure security expert (born 1977)

Christopher Cox Krebs is an American attorney who served as Director of the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security from November 2018 until November 17, 2020, when President Donald Trump fired Krebs for contradicting Trump's claims of election fraud in the 2020 presidential election.

<span class="mw-page-title-main">Brandon Wales</span> American national security official

Brandon D. Wales is an American national security official who served as the acting director of the Cybersecurity and Infrastructure Security Agency. Wales assumed office after President Donald Trump fired Chris Krebs, and previously served as first executive director of the agency.

<span class="mw-page-title-main">2020 United States federal government data breach</span> US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

<span class="mw-page-title-main">Jen Easterly</span> American government official

Jen Easterly is an American intelligence and former military official who is serving as the director of the Cybersecurity and Infrastructure Security Agency in the Biden administration. She was confirmed by a voice vote in the Senate on July 12, 2021.

The Cyber Safety Review Board was established by United States Secretary of Homeland Security Alejandro Mayorkas on February 3, 2022. Modeled after the National Transportation Safety Board, the Board reviews significant cybersecurity incidents and issues reports. President Joe Biden directed the Board's creation through Section 5 of Executive Order 14028, issued on May 12, 2021.

Operational collaboration is a cyber resilience framework that leverages public-private partnerships to reduce the risk of cyber threats and the impact of cyberattacks on United States cyberspace. This operational collaboration framework for cyber is similar to the Federal Emergency Management Agency (FEMA)'s National Preparedness System which is used to coordinate responses to natural disasters, terrorism, chemical and biological events in the physical world.

<span class="mw-page-title-main">Disinformation Governance Board</span> Board of the U.S. Department of Homeland Security

The Disinformation Governance Board (DGB) was an advisory board of the United States Department of Homeland Security (DHS), announced on April 27, 2022. The board's stated function was to protect national security by disseminating guidance to DHS agencies on combating misinformation, malinformation, and disinformation that threatens the security of the homeland. Specific problem areas mentioned by the DHS included false information propagated by human smugglers encouraging migrants to surge to the Mexico–United States border, as well as Russian-state disinformation on election interference and the 2022 Russian invasion of Ukraine.

References

  1. "CISA Hiring Hits High Score, and We're Not Done!!". 21 August 2023. Retrieved 24 August 2023.
  2. "Leadership". US Department of Homeland Security. September 7, 2006.
  3. "NITIN NATARAJAN". Department of Homeland Security. February 16, 2021. Archived from the original on February 23, 2021. Retrieved April 16, 2021.
  4. 1 2 Cimpanu, Catalin (November 16, 2018). "Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency". ZDNet . Archived from the original on February 19, 2019. Retrieved December 16, 2018.
  5. "About CISA". Department of Homeland Security. 19 November 2018. Archived from the original on 6 July 2019. Retrieved 16 December 2018.PD-icon.svg This article incorporates text from this source, which is in the public domain .
  6. 1 2 "National Risk Management Center | Cybersecurity and Infrastructure Security Agency CISA". cisa.gov. Retrieved 2023-08-24.
  7. "OBP Fact Sheet | CISA". cisa.gov. 2023-06-08. Retrieved 2023-08-24.
  8. Weisner, Molly (2023-08-17). "Homeland Security to break ground on new CISA, ICE offices". Federal Times . Retrieved 2023-08-24.
  9. "DHS | About the National Protection and Programs Directorate". Dhs.gov. 2011-08-26. Archived from the original on 2011-09-25. Retrieved 2011-09-27.
  10. "Cybersecurity and Infrastructure Security Agency". DHS.gov. Archived from the original on 23 November 2018. Retrieved 24 November 2018.
  11. Ropek, Lucas (2020-07-28). "Will CISA Be the Savior of State and Local Cybersecurity?". Government Technology . Retrieved 2020-11-18.
  12. Johnson, Derek B. (2018-03-18). "NPPD taps vendor for No. 2 role". Federal Computer Week . Archived from the original on 2019-09-30. Retrieved 2019-03-15.
  13. Rockwell, Mark (2018-12-20). "Standing up CISA". Federal Computer Week . Archived from the original on 2019-09-30. Retrieved 2019-03-15.
  14. "Emergency Directive 19-01". cyber.dhs.gov. Department of Homeland Security. 22 January 2019. Archived from the original on 3 July 2019. Retrieved 16 February 2019.
  15. Krebs, Christopher. "Why CISA issued our first Emergency Directive". cyber.dhs.gov. Department of Homeland Security. Archived from the original on 6 July 2019. Retrieved 16 February 2019.
  16. Hirani, Muks; Jones, Sarah; Read, Ben. "Global DNS Hijacking Campaign: DNS Record Manipulation at Scale". FireEye. Archived from the original on 25 June 2019. Retrieved 16 February 2019.
  17. Courtney, Shaun; Sebenius, Alysa; Wadhams, Nick (2020-11-12). "Turmoil Hits Cyber Agency Engaged in Election as Staff Leave". Bloomberg News . Retrieved 2020-11-18.
  18. "Federal cybersecurity agency calls election 'most secure in American history'". Engadget. 13 November 2020. Retrieved 2020-11-17.
  19. Geller, Eric; Bertrand, Natasha (2020-11-12). "Top cyber official expecting to be fired as White House frustrations hit agency protecting elections". Politico . Retrieved 2020-11-13.
  20. "Trump fires head of U.S. election cybersecurity who debunked conspiracy theories". NBC News . 18 November 2020. Retrieved 2022-07-01.
  21. Kaitlan Collins and Paul LeBlanc (18 November 2020). "Trump fires director of Homeland Security agency who had rejected President's election conspiracy theories". CNN . Retrieved 2020-11-18.
  22. "PN420 - Nomination of Jen Easterly for Department of Homeland Security, 117th Congress (2021-2022)". www.congress.gov. 2021-06-16. Retrieved 2021-07-12.
  23. Miller, Maggie (2021-06-23). "Rick Scott blocks Senate vote on top cyber nominee until Harris visits border". The Hill . Retrieved 2021-07-12.
  24. Maggie Miller. (10 November 2021). "Cyber agency beefing up disinformation, misinformation team". The Hill website Retrieved 18 December 2023.
  25. "Strategic Plan | CISA". cisa.gov. Retrieved 2022-09-17.
  26. "Cybersecurity and Infrastructure Security Agency Divisions & Offices" . Retrieved 26 March 2023.
  27. Cybersecurity and Infrastructure Security Agency. "CISA Regions" . Retrieved 26 March 2023.
  28. Miller, Jason (7 November 2022). "CISA signature federal cyber program warrants more than a passing anniversary nod". Federal News Network. Retrieved 26 March 2023.
  29. Cybersecurity and Infrastructure Security Agency. "Continuous Diagnostics and Mitigations Program" . Retrieved 26 March 2023.
  30. Cybersecurity and Infrastructure Security Agency (18 May 2022). "Cybersecurity Directives" . Retrieved 26 March 2023.
  31. Cybersecurity and Infrastructure Security Agency (27 April 2021). "A new day for .gov" . Retrieved 26 March 2023.
  32. Cloudflare (13 January 2023). "Cloudflare Wins CISA Contract for Registry and Authoritative Domain Name System (DNS) Services" . Retrieved 26 March 2023.
  33. "CY2021 ADMINISTRATIVE SUBPOENA FOR VULNERABILITY NOTIFICATION YEAR IN REVIEW" (PDF). Retrieved 2023-06-16.
  34. Klippenstein, Ken; Fang, Lee (October 31, 2022). "Leaked Documents Outline DHS's Plans to Police Disinformation". The Intercept. Retrieved 2023-01-17.
  35. Piper, D L A (July 2021). "Cybersecurity and infrastructure security agency releases guidance regarding ransomware". Journal of Internet Law. 25 (1): 1–17.
  36. "CISA Names 23 Members to New Cybersecurity Advisory Committee | CISA". cisa.gov. December 2021. Retrieved 2023-01-17.