The Cybersecurity & Infrastructure Security Agency

 

    As technology continues to grow and everyday citizens rely on it more and more, the likelihood of sensitive data like identities, health information, and intellectual property being stolen and compromised has grown. Whether it's someone's social media information or crucial information about a business, cyber attacks have grown and affected more individuals. More recently, cyber attacks are becoming likely due to the Russian invasian of Ukraine as a "response to the economic costs imposed on Russia by the U.S."

      The Cybersecurity & Infrastructure Security Agency (CISA), an agency of the Department of Homeland Security, leads the "national effort" in regard to cyber and physical infrastructure. CISA's mission is to "lead the National effort to understand, manage, and reduce risk to our cyber & physical infrastructure." CISA has two key roles: operate federal cybersecurity & coordinate infrastructure security & resilience. The Agency's director is Jen Easterly, who was nominated by President Biden in April 2021. 

Cybersecurity

    One of CISA's priorities is cybersecurity, and they work to "protect critical services and American way of life." Cybersecurity is the protection of systems and networks that can be disrupted by various means. Due to a variety of risks from physical and cyber threats, cyberspace is vulnerable. Cyberspace contains a variety of personal and governmental information that can be compromised. Other factors that make it difficult to secure cyberspace include:

• Actors can operate from anywhere in the world
• Linkages between cyberspace & physical systems
• Difficulty of reducing vulnerabilities & consequences in complex cyber networks

    CISA offers information on Nation State Cyber Threats, and they focus on China, Russia, North Korea, and Iran. They even have a Shields Up initiative, which focuses on the cyber attacks that could hurt the United States due to the Russian invasion of Ukraine. They offer actions like reducing the likelihood of damaging cyber intrustion, steps to detect potentional instructions, and maximize the organization's resilience to a destructive cyber incident. 

There's also a National Cyber Awareness System, which comes from a free subscription system. Once subscribed with an email or a phone number, the system allows individuals to choose which topics they are interested in. The choices include CISA Community Bulletin, Medical Advisories, Vulnerablity Bulletins, and much more. There are five products in the system which include:

• Current Activity
• Updates the most frequent, high-impact types of security incidents reported to the US CERT
• Alerts
• Timely information about current security issues, vulnerabilities, and exploits
• Bulletins
• Weekly summaries of new vulnerabilities
• Analysis Reports
• In-depth analysis on a new or evolving cyber threat
• Tips
• Advice for common security issues for non-technical computer users

Infrastructure Security

    Infrastructure is the "[set of] physical and cyber systems and assets that are so vital to the United States that their destruction would have a debilitating impact." Examples of infrastructure in everyone's life include firewalls, networks that smart devices connect to, and computing systems.

 CISA works with a variety of entities to make infrastructure more "resilient to cyber and physical threats." 

CISA has a set of core services and capabilities. They provide training and resources to businesses, communities, and government partners in regards to infrastructure security. They offer:

• Assessments
• Help with decisions regarding where to put resources to enhance security and improve recovery at events
• Chemical Security
• Chemical Facility Anti-Terrorism Standards Program
• Ensures high-risk chemical facilities have security they need
• Federal Facility Security
• Interagency Security Committee
• Increase quality of physical security of buildings and nonmiliatary federal facilities. 
• Sector Partnerships
• Partnerships between government and private sector to fulfill responsibilities to prevent risks to critical infrastructure

Under CISA's Infrastructure Security commitment, school safety and security is a priority. They offer K-12 school security guides, assessment models, active shooter preparedness, and prevention plans. 

National Risk Management

     Out of 16 infrastructure sectors, each one is complex and has the ability to debilitate sectors of the nation. The National Risk Management Center (NRMC) works to identify the greatest risks to the nation and coordinate risk reduction activities. The NRMC has 7 initiatives to manage risks including:

• Fifth Generation (5G)
• Election Security
• EMP | GMD
• ICT Supply Chain Risk Management
• National Critical Functions
• Pipeline Cybersecurity
• Positioning Navigation & Timing

Emergency Communications

    CISA works to have seamless communication during "state and emergency operations." Public safety is crucial, hence why CISA works to have the best forms of emergency response providers. Planning and preparedness is a crucial step to have operable emergency communications. There are two plans in place. The first is the National Emergency Communications Plan, which is a strategic plan that drives "measureable improvements in emergency communication across all levels of government. The second is the Statewide Communication Interoperability Plan, which consists of workshops that implement these locally-driven statewide plans. CISA values coordination and other resources to maintain proper and effective communication. 

CISA User Tools 

Two important tools that CISA offers include Stop Ransomware and Report Cyber Issues. Ransomware, "a form of malware designed to encrypt files on a device," has become common, especially in government entities and critical infrastructure organizations. CISA's Stop Ransomware site has guidance, FAQs, and resources for anyone impacted. In case of a cyber attack, CISA offers an email to be used by anyone wanting to report an attack. People can also call (888) 282-0870 to report. 

OSU Library Resources

The OSU Library offers access to a variety of CISA documents and publications including:

• Emergency Communication Systems Valuye Analysis Guide
• #Protect2020 Strategic Plan
• Resilience Series: Bug Bytes

Other Resources

School Safety

Created by the Federal Government, SchoolSafety.com offers recommendation to have a safe environment for students.

Region 6 

CISA holds 10 regional offices, with Region 6 serving Oklahoma.

_________________________________________________________

Eager to know more? Start here.

Government Information Online is produced by the staff at the Oklahoma State University Libraries Government Documents Department, a regional depository for U.S. Government and Oklahoma state government documents. We are located on the 5th floor of the Edmon Low Library. Our department website can be reached at www.info.library.okstate.edu/government-documents. For more information or for research assistance, contact us at 405.744.6546. or email suzanne.reinman@okstate.edu.