Cybersecurity and Infrastructure Security Agency


The Cybersecurity and Infrastructure Security Agency was established on 16 November 2018 when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA is a standalone United States federal agency, an operational component under Department of Homeland Security oversight. Its activities are a continuation of the National Protection and Programs Directorate.
Former NPPD Under Secretary Christopher Krebs is CISA's first Director, and former Deputy Under Secretary Matthew Travis is its first Deputy Director. The expected role of CISA is to improve cybersecurity across all levels of government, coordinate cybersecurity programs with states, and improve the government's cybersecurity protections against private and nation-state hackers.

History

Formed in 2007, the National Protection and Programs Directorate was a component of the United States Department of Homeland Security. NPPD's goal was to advance the Department's national security mission by reducing and eliminating threats to U.S. critical physical and cyber infrastructure.
The NPPD was led by the Under Secretary of Homeland Security for National Protection and Programs, appointed by the President of the United States with confirmation by the United States Senate.
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within DHS, establishing the Cybersecurity and Infrastructure Security Agency.
NPPD was the lead component of the United States Department of Homeland Security in the protection of the Nation's physical and cyber critical infrastructure and key resources from terrorist attacks, natural disasters, and other catastrophic incidents. NPPD collaborated and shared information with federal, state, local, tribal, international, and private-sector partners.
On January 22, 2019, CISA issued its first-ever Emergency Directive warning that "an active attacker is targeting government organizations" using DNS spoofing techniques to perform man-in-the-middle attacks. Research group FireEye stated that "initial research suggests the actor or actors responsible have a nexus to Iran."

Subcomponents

CISA subcomponents include the:
The Cybersecurity Division leads efforts to protect the federal ".gov" domain of civilian government networks, and to collaborate with the private sector to increase the security of critical networks. This occurs through four primary functions.
CISA's National Cybersecurity and Communications Integration Center's is the Nation's flagship cyber defense, incident response, and operational integration center. Since 2009, the NCCIC has served as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating our 24/7 situational awareness, analysis, and incident response center.
As the Sector-Specific Agency for the Communications and Information Technology sectors, CISA coordinates national-level reporting that is consistent with the National Response Framework.

Infrastructure Security Division (ISD)

The Infrastructure Security Division coordinates and collaborates across government and the private sector. The Division conducts and facilitates vulnerability and consequence assessments to help critical infrastructure owners and operators and State, local, tribal, and territorial partners understand and address risks to critical infrastructure. It also provides information on emerging threats and hazards so that appropriate actions can be taken, as well as tools and training to partners to help partners in government and industry manage the risks to their assets, systems, and networks.

Emergency Communications Division (ECD)

The Emergency Communications Division supports and promotes communications used by emergency responders and government officials to keep America safe, secure, and resilient. The CISA Emergency Communications Division leads the Nation’s operable and interoperable public safety and national security and emergency preparedness communications efforts. The Emergency Communications Division provides training, coordination, tools, and guidance to help its federal, state, local, tribal, territorial and industry partners develop their emergency communications capabilities. The Emergency Communications Division’s programs and services coordinate emergency communications planning, preparation and evaluation, to ensure safer, better-prepared communities nationwide.

National Risk Management Center (NRMC)

The National Risk Management Center is housed within the Cybersecurity and Infrastructure Security Agency. The NRMC is a planning, analysis, and collaboration center working to identify and address the most significant risks to the nation’s critical infrastructure.
The NRMC works in close coordination with the private sector and other key stakeholders in the critical infrastructure community to: Identify; Analyze; Prioritize; and Manage the most strategic risks to our National Critical Functions—the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating impact on security, national economic security, national public health or safety, or any combination.

Integrated Operations Division (IOD)

CISA's newly created Operations Division is designed to consolidate the management of operational field activities throughout the CISA Regions, emergency support functions, certain operational watch functions, continuity of operations programs, internal training and exercises, and other elements, as appropriate.

Stakeholder Engagement Division (SED)

The Stakeholder Engagement Division within Cybersecurity and Infrastructure Security Agency streamlines strategic outreach to government and industry partners, by leveraging capabilities, information and intelligence, and subject matter experts in order to meet stakeholder requirements. SED programs and initiatives build public, private and international partnerships and capacity for resilience across the nation's critical infrastructure and the cybersecurity community.

Federal Protective Service

is a federal law enforcement agency that provides integrated security and law enforcement services to federally owned and leased buildings, courthouses, facilities, properties and other assets, as well as the personnel associated with them. The agency leads the department's comprehensive security and law enforcement services for mitigating risk to more than 9,000 federal facilities and their 1.1 million occupants nationwide. Operational activities include law enforcement response; risk assessments of federal facilities to determine, recommend, and install appropriate risk mitigation measures; and oversight of between 12,000 and 15,000 armed contract protective security officers, depending on customer requirements. Further, personnel conduct criminal investigations, provide regular security awareness training to stakeholders, and provide support to major events.