What is the CISA? How the new federal agency protects critical infrastructure from cyber threats

The U.S. Congress created The Cybersecurity and Infrastructure Security Agency to identify threats, share information and assist with incident response in defense of the nation's critical infrastructure.

CISA definition

The Cybersecurity and Infrastructure Security Agency (CISA) is a new federal agency, created to protect the nation's critical infrastructure.

It was created through the Cybersecurity and Infrastructure Security Agency Act of 2018, which was signed into law on November 16, 2018. That legislation “rebranded” the Department of Homeland Security's (DHS's) National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency and transferred resources and responsibilities of NPPD to the newly created agency. Prior to the passage of the bill, NPPD managed almost all of DHS’s cybersecurity-related matters.

CISA is responsible for protecting the nation’s critical infrastructure from physical and cyber threats. Its mission is to “build the national capacity to defend against cyber attacks” and to work “with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the .gov networks that support the essential operations of partner departments and agencies.”

Within CISA are two chief centers that are integral to the agency’s mission. The first, the National Cybersecurity and Communications Integration Center (NCCIC), provides 24x7 cyber-situational awareness, analysis, incident response and cyber-defense capabilities to the federal government; state, local, tribal and territorial governments; the private sector; and international partners. The second important center, the National Risk Management Center (NRMC) is a planning, analysis and collaboration center working to identify and address the most significant risks to the nation’s critical infrastructure.

Like NPPD before it, CISA also oversees within DHS the Federal Protective Service (FPS), the Office of Cyber and Infrastructure Analysis (OCIA), the Office of Cybersecurity & Communications (OC&C) and the Office of Infrastructure Protection (OIP). (The CISA Act of 2018, however, mandated that DHS review whether FPS, which is responsible for the physical security of nearly 10,000 federal buildings and their occupants, should be moved to another parent agency inside DHS or to another federal agency. It also moved the Office of Biometric Identity Management from NPPD to the DHS Management Directorate.)

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!