Cybersecurity and Infrastructure Security Agency

The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security (DHS) that is responsible for strengthening cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.^[4] Its activities are a continuation of the National Protection and Programs Directorate (NPPD), and was established on November 16, 2018, when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018.^[5][4]

History

The National Protection and Programs Directorate (NPPD) was formed in 2007 as a component of the United States Department of Homeland Security.^[6] NPPD's goal was to advance the Department's national security mission by reducing and eliminating threats to U.S. critical physical and cyber infrastructure.

On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within DHS, establishing the Cybersecurity and Infrastructure Security Agency (CISA).^[7] CISA is a successor agency to NPPD, and assists both other government agencies and private sector organizations in addressing cybersecurity issues.^[8] Former NPPD Under-Secretary Christopher Krebs was CISA's first Director, and former Deputy Under-Secretary Matthew Travis was its first deputy director.^[9][10]

On January 22, 2019, CISA issued its first Emergency Directive (19-01: Mitigate DNS Infrastructure Tampering)^[11] warning that "an active attacker is targeting government organizations" using DNS spoofing techniques to perform man-in-the-middle attacks.^[12] Research group FireEye stated that "initial research suggests the actor or actors responsible have a nexus to Iran."^[13]

In 2020, CISA created a website, titled Rumor Control, to rebut disinformation associated with the 2020 United States presidential election.^[14] On November 12, 2020, CISA issued a press release asserting, "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised."^[15] On the same day, Director Krebs indicated that he expected to be dismissed from his post by the Trump administration.^[16] Krebs was subsequently fired by President Trump on November 17, 2020^[17] via tweet for his comments regarding the security of the election.^[18]

On July 12, 2021, the Senate confirmed Jen Easterly by a Voice Vote.^[19] Easterly’s nomination had been reported favorably out of Senate Committee on Homeland Security and Governmental Affairs on June 16, but a floor vote had been reportedly held (delayed) by Senator Rick Scott over broader national security concerns, until the President or Vice President had visited the southern border with Mexico.^[20]

Performance

In September 2022, CISA released their 2023–2025 CISA Strategic Plan, the first comprehensive strategy document since the agency was established in 2018.^[21]

In August 2021, Easterly stated "One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important."^[22]

Divisions

CISA divisions include the:^[23]

• Cybersecurity Division
• Infrastructure Security Division
• Emergency Communications Division
• National Risk Management Center
• Integrated Operations Division
• Stakeholder Engagement Division

Committees

Cybersecurity Advisory Committee

In 2021, the Agency created the Cybersecurity Advisory Committee with the following members:^[24]

• Steve Adler, Mayor, City of Austin, Texas
• Marene Allison, Chief Information Security Officer, Johnson & Johnson
• Lori Beer, Chief Information Officer, JPMorgan Chase
• Robert Chesney, James A. Baker III Chair in the Rule of Law and World Affairs, University of Texas School of Law
• Thomas Fanning, Chairman, President and CEO, Southern Company
• Vijaya Gadde
• Patrick Gallagher, Chancellor, University of Pittsburgh
• Ronald Green, Executive Vice President and Chief Security Officer, Mastercard
• Niloofar Razi Howe, Board Member, Tenable
• Kevin Mandia, Chief Executive Officer, Mandiant
• Jeff Moss, President, DEF CON Communications
• Nuala O’Connor, Senior Vice President & Chief Counsel, Digital Citizenship, Walmart
• Nicole Perlroth, Cybersecurity journalist
• Matthew Prince, Chief Executive Officer, Cloudflare
• Ted Schlein, General Partner, Kleiner Perkins; and Caufield & Byers
• Stephen Schmidt, Chief Information Security Officer, Amazon Web Services
• Suzanne Spaulding, Senior Advisor for Homeland Security, CSIS
• Alex Stamos, Partner, Krebs Stamos Group
• Kate Starbird, Associate Professor, Human Centered Design & Engineering, University of Washington
• George Stathakopoulos, Vice President of Corporate Information Security, Apple
• Alicia Tate-Nadeau (ARNG-Ret.), Director, Illinois Emergency Management Agency
• Nicole Wong, Principal, NWong Strategies
• Chris Young, Executive Vice President of Business Development, Strategy, and Ventures, Microsoft

Directors

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

See also

• List of federal agencies in the United States

References

<templatestyles src="Reflist/styles.css" />

External links

• No URL found. Please specify a URL here or add one to Wikidata.

Lua error in package.lua at line 80: module 'strict' not found.

1. ↑ Lua error in package.lua at line 80: module 'strict' not found.
2. ↑ Lua error in package.lua at line 80: module 'strict' not found.
3. ↑ Lua error in package.lua at line 80: module 'strict' not found.
4. ↑ ^{4.0 4.1} Lua error in package.lua at line 80: module 'strict' not found.
5. ↑ Lua error in package.lua at line 80: module 'strict' not found.  This article incorporates text from this source, which is in the public domain.
6. ↑ Lua error in package.lua at line 80: module 'strict' not found.
7. ↑ Lua error in package.lua at line 80: module 'strict' not found.
8. ↑ Lua error in package.lua at line 80: module 'strict' not found.
9. ↑ Lua error in package.lua at line 80: module 'strict' not found.
10. ↑ Lua error in package.lua at line 80: module 'strict' not found.
11. ↑ Lua error in package.lua at line 80: module 'strict' not found.
12. ↑ Lua error in package.lua at line 80: module 'strict' not found.
13. ↑ Lua error in package.lua at line 80: module 'strict' not found.
14. ↑ Lua error in package.lua at line 80: module 'strict' not found.
15. ↑ Lua error in package.lua at line 80: module 'strict' not found.
16. ↑ Lua error in package.lua at line 80: module 'strict' not found.
17. ↑ Lua error in package.lua at line 80: module 'strict' not found.
18. ↑ Lua error in package.lua at line 80: module 'strict' not found.
19. ↑ Lua error in package.lua at line 80: module 'strict' not found.
20. ↑ Lua error in package.lua at line 80: module 'strict' not found.
21. ↑ Lua error in package.lua at line 80: module 'strict' not found.
22. ↑ Lua error in package.lua at line 80: module 'strict' not found.
23. ↑ Lua error in package.lua at line 80: module 'strict' not found.
24. ↑ Lua error in package.lua at line 80: module 'strict' not found.