Background
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevated the mission of the former National Protection and Programs Directorate (NPPD) within the Department of Homeland Security (DHS) and established CISA, which includes the National Cybersecurity and Communications Integration Center (NCCIC). NCCIC realigned its organizational structure in 2017, integrating like functions previously performed independently by the U.S. Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). According to the memorandum, the alert system should:
- Identify a system administrator to be the point of contact for each relevant network system,
- Send alert notifications to each point of contact,
- Require confirmation by each point of contact acknowledging receipt of each alert notification,
- Establish a date for the corrective action to be implemented, and enable DISA to confirm whether the correction has been implemented.
The Deputy Secretary of Defense issued an Information Assurance Vulnerability Alert (IAVA) policy memorandum on December 30, 1999. Current events of the time demonstrated that widely known vulnerabilities exist throughout DoD networks, with the potential to severely degrade mission performance. The policy memorandum instructs the DISA to develop and maintain an IAVA database system that would ensure a positive control mechanism for system administrators to receive, acknowledge, and comply with system vulnerability alert notifications. The IAVA policy requires the Component Commands, Services, and Agencies to register and report their acknowledgement of and compliance with the IAVA database. According to the policy memorandum, the compliance data to be reported should include the number of assets affected, the number of assets in compliance, and the number of assets with waivers.
Computer security, cybersecurity, or information technology security is the protection of computer systems and networks from information disclosure, theft of, or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
The United States Computer Emergency Readiness Team (US-CERT) is an organization within the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).
The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.
Software assurance (SwA) is defined as "the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner."
Critical infrastructure protection (CIP) is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.
Ivanti is an IT software company headquartered in South Jordan, Utah. It produces software for IT Security, IT Service Management, IT Asset Management, Unified Endpoint Management, Identity Management and Supply Chain Management. It was formed in January 2017 with the merger of LANDESK and HEAT Software, and later acquired Cherwell Software.
The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with business and government to improve security of software and the internet as a whole.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.
In the fields of computer security and information technology, computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events. Computer security incident management is a specialized form of incident management, the primary purpose of which is the development of a well understood and predictable response to damaging events and computer intrusions.
EINSTEIN was originally an intrusion detection system that monitors the network gateways of government departments and agencies in the United States for unauthorized traffic. The software was developed by the United States Computer Emergency Readiness Team (US-CERT), which is the operational arm of the National Cyber Security Division (NCSD) of the United States Department of Homeland Security (DHS). The program was originally developed to provide "situational awareness" for the civilian agencies. While the first version examined network traffic and subsequent versions examined content, the current version of EINSTEIN is significantly more advanced.
United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise.
Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes. The term and the initialism SIEM was coined by Mark Nicolett and Amrit Williams of Gartner in 2005.
Industrial Control System (ICS) Cybersecurity is the prevention of interference with the proper operation of industrial automation and control systems. These control systems manage essential services including electricity, petroleum production, water, transportation, manufacturing, and communications. They rely on computers, networks, operating systems, applications, and programmable controllers, each of which could contain security vulnerabilities. The 2010 discovery of the Stuxnet worm demonstrated the vulnerability of these systems to cyber incidents. The United States and other governments have passed cyber-security regulations requiring enhanced protection for control systems operating critical infrastructure.
The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defence of the Indian Internet domain.
The following outline is provided as an overview of and topical guide to computer security:
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), also known as the New Jersey Office of Homeland Security and Preparedness' (NJOHSP) Division of Cybersecurity, is the first American state-level information sharing and analysis organization in the United States that exchanges cyber threat intelligence and conducts incident response for governments, businesses, and citizens in New Jersey. Located at NJ’s Regional Operations and Intelligence Center (ROIC), and acting in a cyber fusion center capacity the NJCCIC is composed of staff from NJOHSP, the NJ Office of Information Technology, and the NJ State Police. The NJCCIC's nomenclature is derived from its federal counterpart, the National Cybersecurity and Communications Integration Center, which encompasses the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT).
Assured Compliance Assessment Solution (ACAS) is a software set of information security tools used for vulnerability scanning and risk assessment by agencies of the United States Department of Defense (DoD). It performs automated vulnerability scanning and device configuration assessment. ACAS was implemented by the DoD in 2012, with contracts awarded to Tenable, Inc. and Hewlett Packard Enterprise Services to improve cybersecurity within the DoD. It is mandated by regulations for all DoD agencies and is deployed via download. Part of the ACAS software monitors passive network traffic, new network hosts, and applications that are vulnerable to compromise. It also generates required reports and data that are remotely accessible, with a centralized console, and is Security Content Automation Protocol (SCAP) compliant. The Defense Information Systems Agency's Cyber Development (CD) provides program management and support in the deployment of ACAS. The Army's Systems Engineering and Integration Directorate said in 2016 that ACAS gives the Army "a clear, specific and timely picture of cyber vulnerabilities and how they are being addressed. Not only does the technology streamline processes at the operator level, it also enables broader goals such as the Cybersecurity Scorecard and automated patching for improved mission assurance."
The National Cybersecurity and Communications Integration Center (NCCIC) is part of the Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency, an agency of the U.S. Department of Homeland Security. It acts to coordinate various aspects of the U.S. federal government's cybersecurity and cyberattack mitigation efforts through cooperation with civilian agencies, infrastructure operators, state and local governments, and international partners.
The Cybersecurity and Infrastructure Security Agency (CISA) is a United States federal agency, an operational component under Department of Homeland Security (DHS) oversight. Its activities are a continuation of the National Protection and Programs Directorate (NPPD). CISA was established on November 16, 2018 when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. Brandon Wales served as Acting Director until Jen Easterly was unanimously confirmed by the Senate on July 12, 2021 and became Director.
On April 20, 2021, it was reported that suspected Chinese-state backed hacker groups had breached multiple government agencies, defense companies and financial institutions in both the US and Europe after the hackers created and used a Zero-day exploit for Ivanti Pulse Connect Secure VPN devices. A Cybersecurity and Infrastructure Security Agency alert reported that the attacks using the exploited started in June 2020 or earlier. The attacks are believed to be the third major data breach against the U.S. in the past year behind the 2020 United States federal government data breach and the 2021 Microsoft Exchange Server data breach.
