What is the Cybersecurity and Infrastructure Agency?
The agency was established in November 2018 under the U.S. Department of Homeland Security, and was formerly called the National Protection and Programs Directorate (NPPD). CISA's main goal is to "defend against cyber attacks and work with the federal government to provide cybersecurity tools, incident response services, and to build more secure and resilient infrastructure for the future." The agency works to protect and defend networks and critical infrastructure. After 9/11, the agency realized that adversaries used critical infrastructure to cause harm. The CISA defines critical infrastructure as "the physical and cyber systems and assets that are so vital to the U.S. that their destruction would have a debilitating impact on our physical or economic security, public health, or safety." This incident forced the CISA to reconsider how to best protect cyber vulnerabilities from being breached and exploited. Burd emphasized how the majority of critical infrastructure is not owned by the government, but by privately-held companies. Therefore, he asserted that cybersecurity is a shared responsibility held by everyone.
Cyber attacks have become frequent in today's culture. In response to this culture of hacking, CISA strives to protect '.gov' networks from being exploited. CISA helps agencies identity threats and provides tools to handle breaches. Burd explains that the public should be concerned with government agencies being hacked, because they are an interface between the government and the public.
What about privacy?
Burd iterates that information privacy is the right to have some control over personal information that is collected, used, and shared. However, information privacy is a cyber vulnerability that is hard to protect, since many individuals have bad cyber hygiene practices-steps to maintain cyber security. The Internet has become an important aspect in the daily life of people. We often provide sensitive information on some digital platform that can be breached if the right practices are not followed. It is typical for an individual to use the same username and password for multiple logins. This practice makes it easy for a hacker to log into your other applications and software systems.
What can I do to protect my information?
Burd mentions some basic security measures that individuals can implement to protect their information.
- An individual can protect their information by utilizing multi-factor authentication. Multi-factor authentication requires two means of verification to ensure the user's identity. For example, after an individual types in their login information, the system may send a verification code to your phone or email. This code would then have to be entered before the individual can access the platform.
- The next simple step is to use different usernames and passwords for your applications. If you use the same login credentials for all your platforms, you are more likely to being exploited across all these applications. If you differentiate your information for each platform, you make it more difficult to hack into. Furthermore, Burd emphasized that random algorithms are not as safe as you may think. Many of these algorithms are computerized and can easily be deciphered. The best way to protect your information, is to create a personal phrase for your password. Phrases are more difficult to decode than a simple one-word passcode. It is essential to make this phrase personal to you; something that cannot easily be guessed.
- Next, it is paramount to update your software and applications. Many updates will increase privacy and security. Failing to update your software makes you more susceptible to data breach.
- It is important to monitor the apps and software you are using. Burd explained that the rule of privilege must be used to delete the apps that you do not use. Even if you are not using an app, it collects your information in the background. Therefore, you should delete the apps you do not use to limit the amount of personal information being collected.
- Lastly, do not give out your information to telemarketers that are posed as government agencies. While this seems like common sense, many are susceptible to the manipulation of these hackers. Many times, hackers will pose as the Social Security agency or a banking institution, informing you that your account is in jeopardy of being terminated. These telecommunications can seem realistic to an individual who is ignorant about these processes. On the contrary, government agencies provide as little information as possible before verifying the individual's identity. Most of the time, a government agency will send you a notification through registered mail and require multiple steps to authenticate your identity. Government agencies force you to come to them, whereas false telemarketers come to you.
Cybersecurity is a shared responsibility between individuals and organizations. Individuals need to take the proper steps to protect their information, while organizations can provide the tools necessary to handle cyber threats.
For More Information
STOP.THINK.CONNECT
For More Information
STOP.THINK.CONNECT
This is a "global online safety awareness campaign to help
all digital citizens stay safer and more secure online." The campaign
highlights the risks associated with using the Internet and how one can
practice safe online behavior. The campaign is sponsored by private companies,
non-profits, and government organizations.
StaySafeOnline is powered by the National Cyber Security Alliance
and focuses on "educating and empowering our global digital society to use
the internet safely and securely."
National Cyber Security
Awareness Month is sponsored by Homeland Security to "raise awareness
about the importance of cybersecurity and to ensure that all Americans have the
resources they need to be safer and more secure online." Learn more about
the main message of 2019, Own It. Secure It. Protect It.
The NSA/CSS "leads the
U.S. Government in cryptology and enables computer networks operations in order
to gain a decision advantage for the Nation and our allies." The
organization's goal is to "discover adversaries' secrets, protect U.S.
secrets, and outmaneuver adversaries in cyberspace while maintaining the
privacy of the American people."
~Emily Hancz
Comments