-
National Emergency Communications Plan (2019)
From the Message from the Director of the Cybersecurity and Infrastructure Security Agency: "The National Emergency Communications Plan (NECP) is the Nation's roadmap to ensuring emergency communications interoperability at all levels of government. The Cybersecurity and Infrastructure Security Agency leads the effort to update and implement the NECP, but it requires participation from the whole community to be successful. Since the last NECP release in 2014, the emergency communications landscape has experienced unprecedented change. The frequency and complexity of emergencies are on the rise during a time when technology is advancing at a faster pace than any other time in history. While responders still rely heavily on land mobile radio for voice communications, comprehensive strategies for emergency communications must integrate the full Emergency Communications Ecosystem, including broadband, alerts and warnings, social media, and Next Generation 911. Internet Protocol-based devices and applications have the potential to vastly improve emergency responder capabilities, yet also introduce new challenges such as cybersecurity threats, the need for a more technically skilled workforce, and shorter equipment lifecycles. The NECP emphasizes the need for strong governance structures, updated policies and procedures, as well as joint exercises and trainings to improve interoperability which ensures information is provided to the right people at the right time. The 2019 NECP update was developed in partnership with Federal, state, local, tribal, and territorial jurisdictions and the private sector."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-09
-
Cyber Essentials (Fall 2019)
From the Document: "Reducing your organization's cyber risks requires a holistic approach -- similar to the approach you would take to address other operational risks. [...] Managing cyber risks requires building a culture of cyber readiness."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019
-
Guide to Critical Infrastructure Security and Resilience
From the Foreword: "The U.S. Department of Homeland Security, in collaboration with the U.S. Department of State, has prepared this guide to serve as an overview of the approach to critical infrastructure security and resilience adopted in the United States. As attacks on soft targets and crowded places continue across the globe, the need to address current and emerging challenges increases. Therefore, the Department of Homeland Security and Department of State are working together to enhance domestic and global security, with ongoing programs, and recognizing that new approaches may be needed to address these evolving issues. The intent of this guide is to share basic information and U.S. lessons learned over the last 15 years, rather than to promote specific approaches. This information may apply to other countries, particularly those countries that are considering developing or refining their own voluntary and regulatory-based infrastructure security and resilience programs."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-11
-
Cybersecurity and Infrastructure Security Agency Strategic Intent: 'Defend Today, Secure Tomorrow'
From the Introduction: "This document lays out the strategic vision and operational priorities of the CISA [Cybersecurity and Infrastructure Security Agency] Director. It provides a general approach for how we execute our responsibilities and serves as a reference point for our employees and partners to guide our work and create unity of effort. It aims to position us to successfully meet our mission in the coming years and decades. It serves as the interim strategy as we develop a longer-term strategic plan. The common framework of goals and outcomes helps organize our mission execution and inform management decisions--including operations planning, requirements generation, budget formulation, and performance management. These are high-level outcomes that we will constantly seek to achieve; specific actions and milestones will appear in operational and organizational plans. These goals and outcomes give us a constant foundation for capability and direction as threats and the mission space dramatically evolve."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-08
-
Insider Threat Programs for the Critical Manufacturing Sector Implementation Guide
From the Document: "The 'Insider Threat Programs for the Critical Manufacturing Sector Implementation Guide' was developed to provide guidance and information for critical manufacturing organizations to establish insider threat programs. These programs serve to gather, monitor, and assess information for insider threat detection and mitigation strategies. Insider threat programs are designed to detect, deter, and mitigate the risks associated with trusted insiders and protect the privacy of the workforce while reducing potential harm to the organization. Effective insider threat programs deploy risk management strategies that identify the assets or resources to be protected, identify potential threats, determine vulnerabilities, assess risk, and deploy countermeasures."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-08
-
Infrastructure Security Month 2019 [toolkit]
From the Document: "How often do you think about the things that sustain the American way of life? Safe transportation networks that get us where we need to go. Reliable and secure communications and internet infrastructure that connect us to the online tools and systems we rely on. Clean, available water for drinking and sanitation. Chemicals that are integral to everything from plastics to food preservation to medicines, and the electricity that keeps everything running. What about the malls, sports arenas, office buildings and other commercial facilities that house the places we gather for work and recreation? Even the systems that support our democratic processes--voting machines and the systems that support voting--are critical. Critical infrastructure security and resilience also includes the people who gather for activities that are part of our lives: attending a house of worship, going to a concert or other event, even gathering in a crowded open venue like a holiday market or festival. These are just a few examples of the 16 critical infrastructure sectors and additional subsectors that are absolutely essential to the standard of living that Americans have come to expect and rely on every day. Yet most people take these things for granted. It's not until one of these systems breaks down that we truly appreciate all we have."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019
-
National Emergency Communications Plan (NECP): 2019 Update
From the Update Overview: "The National Emergency Communications Plan (NECP) is the Nation's strategic plan to strengthen and enhance emergency communications capabilities. The Cybersecurity and Infrastructure Security Agency (CISA) worked with over 3,500 Federal, state, local, tribal and territorial public safety agencies and organizations to develop the NECP. As a result, the updated NECP addresses the current gaps within emergency communications and promotes the innovation and integration of new technologies, while considering their associated risks. In addition, it provides guidance to drive the enhancements of the Nation's emergency communications capabilities."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019
-
Enhancing Post-Disaster Access for Restoration of Community Lifelines and Essential Services
From the Introduction: "Similar to other essential service industries, communications and utility providers require coordinated access into disaster areas as early as possible after an emergency in order to conduct damage assessments, repair communications-related critical infrastructure, and effectively and safely restore essential services to enable community recovery. Currently, there is no uniform or standardized process--established at the federal, state, or local levels--for managing access across jurisdictional lines. In many instances, this lack of a common access management process has significantly hindered restoration efforts, increased restoration times and recovery costs, and placed additional stress on affected communities."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-04-01
-
Overview of Risks Introduced by 5G Adoption in the United States
From the Key Findings: "The Department of Homeland Security (DHS)/Cybersecurity and Infrastructure Security Agency (CISA) assesses that Fifth Generation Mobile Network (5G) will present opportunities and challenges, and its implementation will introduce vulnerabilities related to supply chains, deployment, network security, and the loss of competition and trusted options."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-07-31
-
Cybersecurity and Infrastructure Security Agency: Fiscal Year 2019, SAFECOM Guidance on Emergency Communications Grants
From the Introduction: "The Department of Homeland Security (DHS) is mandated to administer responsibilities and authorities relating to the SAFECOM [safety communication] Program. Within DHS, the Cybersecurity and Infrastructure Security Agency (CISA) Emergency Communications Division--formerly the Office of Emergency Communications--is responsible for developing coordinated guidance for federal grant programs for public safety communications. As a result, CISA develops the annual SAFECOM Guidance on Emergency Communications Grants (SAFECOM Guidance) as a reference guide for entities applying for federal financial assistance for emergency communications projects. [...] The 'SAFECOM Guidance' provides general information on eligible activities, technical standards, and other terms and conditions that are common to most federal emergency communications grants. It aims to ensure that policies and standards across federal grant programs provide a consistent approach to improving emergency communications nationwide. The 'SAFECOM Guidance' achieves this consistency by aligning recommendations with the Nation's strategic plan for emergency communications, entitled the 'National Emergency Communications Plan' (NECP)."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019
-
Public Safety Communications Evolution [January 2019]
From the Document: "The Cybersecurity and Infrastructure Security Agency (CISA) developed this brochure in collaboration with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC), with the support and input of public safety officials at multiple levels of government across the country. The Public Safety Communications Evolution brochure: 1. Helps educate the public safety community and elected and appointed officials about the technologies and services to support the future of public safety communications; 2. Describes the evolution of public safety communications and how legacy land mobile radio (LMR) communications used today continues to be the primary voice communications pathway for public safety personnel while the First Responder Network Authority's (FirstNet) Nationwide Public Safety Broadband Network (NPSBN) concurrently brings enhanced wireless broadband data communication capabilities through the deployment of a nationwide data network; 3. Discusses some of the most important requirements necessary to achieve the desired future long-term evolution of LMR technology networks and whether a transition is beneficial and operationally effective for the public safety community[.]"
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-01
-
Emergency Directive 19-01: Mitigate DNS Infrastructure Tampering
"In coordination with government and industry partners, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is tracking a series of incidents involving Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them. [...] To address the significant and imminent risks to agency information and information systems presented by this activity, this emergency directive requires the following near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-01-22
-
Cybersecurity Directives [website]
"The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS) develops and oversees the implementation of 'binding operational directives' and 'emergency directives,' which require action on the part of certain federal agencies in the civilian executive branch."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
-
Security of Soft Targets and Crowded Places--Resource Guide
From the Resource Matrix: "Segments of our society are inherently open to the general public, and by nature of their purpose do not incorporate strict security measures. Given the increased emphasis by terrorists and other extremist actors to leverage less sophisticated methods to inflict harm in public areas, it is vital that the public and private sectors collaborate to enhance security of locations such as transportation centers, parks, restaurants, shopping centers, special event venues, and similar facilities. Securing these locations is essential to preserving our way of life and sustaining the engine of our economy. The Infrastructure Security Division (ISD), part of the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), is committed to improving the security and resilience of soft targets by providing relevant tools, training, and programs to both the public and private sectors, and the general public. This guide is a catalog of ISD soft target resources, many of which were created in collaboration with our partners to ensure they are useful and reflective of the dynamic environment we live in."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-04
-
Emergency Communications Technical Assistance and Planning Guide: FY2020 Highlights and Offerings
From the Document: "In FY2020, CISA [Cybersecurity and Infrastructure Security Agency] will provide an opportunity for all 56 states and territories to receive TA [technical assistance] services at no cost. In preparation for the request process, this Guide lists available TA service offerings. The process for SWICs [Statewide Interoperability Coordinator] to request TA services has been updated [...] CISA TA services are also available for all federally recognized Tribal Nations."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-10
-
Supply Chain Risk Management [presentation]
From the Presentation: "[1] A renewed focus on supply chain risk management (SCRM) in the context of national security, its importance to the prosperity of the larger U.S. economy, and its entwined cyber threats, make SCRM a new and critical aspect of CISA [Cybersecurity and Infrastructure Security Agency] concern; [2] Increasing CISA is talking about SCRM as 'National Industrial Base Security' to allow for a precise conversation both on the nature of the evolving threat and how CISA means to adapt to protect the U.S.; [3] SCRM has historically been seen as the purview of the Department of Defense under The Defense Production Act and derived from that laws Title 3 authority; [4] This historic lens has focused much of the discussion about supply chain security around those industries and applications that held intrinsic defense applications and largely ignored the greater uses to society."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019?
-
Compliance Requirements for Release Chemicals [presentation]
This presentation covers the following topics: "[1] Release chemicals vs. Theft/Diversion chemicals; [2] Detection and Delay requirements; [3] Response requirements; [4] Cyber requirements; [5] Additional Considerations; and [6] Cyber Resources[.]"
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019?
-
Information and Communications Technology Supply Chain Risk Management Task Force: Threat Evaluation Working Group: Threat Scenarios
From the Executive Summary: "Cyber Supply Chain Risk Management (C-SCRM) is the process of identifying, assessing, preventing, and mitigating the risks associated with the distributed and interconnected nature of Information and Communications Technology (ICT) (including the Internet of Things) product and service supply chains. C-SCRM covers the entire life cycle of ICT, and encompasses hardware, software, and information assurance, along with traditional supply chain management and supply chain security considerations. [...] Working Group 2 (WG2), Threat Evaluation, was established for the purpose of the identification of processes and criteria for threat-based evaluation of ICT suppliers, products, and services. WG2 focused on threat evaluation as opposed to the more comprehensive task of risk assessment which considers threats as well as an organization's tolerance for risk, the criticality of the specific asset or business/mission purpose, and the impact of exploitation of specific vulnerabilities that might be exploited by an external threat."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2020-02
-
Condition Assessment Procedures for Concrete Dams with Post-Tensioned Anchors
From the Document: "Researchers at the US Army Engineer Research and Development Center (ERDC) sought to develop engineering procedures to estimate the current load-carrying capacity of ground anchorage, and other factors related to the deterioration and lifespan of dam anchors. Based on previous work developed during the FY2017 NIPP [National Infrastructure Protection Plan] Challenge by the team of researchers from Harvey Mudd College and Engineering Innovations, the ERDC needed to fully understand the benefits and limitations associated with the techniques developed by the 2017 project team. Early research into the use of Performance Based Testing (PBT) for evaluating the condition of anchors in concrete dams was conducted in 2017. The research procedures established during the 2017 project relied upon the dam's ability to pull the anchors into resonance. This process deviated from current testing procedures because typical post-tensioned anchor tests are designed using basic equilibrium (static) equations."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
-
Building Disaster Resiliency in the Public Sector by Leveraging Critical Healthcare Supply Chain Information
From the Document: "The nation's healthcare supply chain undergoes significant strain when there are disruptions to U.S. critical infrastructure. The supply chain depends upon private medical-surgical distributors who deliver supplies to 300,000 points-of-care, including hospitals, nursing homes, and other medical facilities. Due to limited suitable storage space in healthcare facilities, the needed health care products are usually sourced from local distribution centers, which typically make daily deliveries. As a result, any interruption of deliveries could cause significant shortages at these healthcare facilities. Currently, there is no mapping framework or formal method of communication that public agencies can use to identify where the nation's distribution centers are located and what supplies are available. This lack of information limits the ability of public and private partners to respond quickly to disasters by re-routing or prioritizing delivery of healthcare products."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
-
Location Detection of Rogue Base Stations/IMSI Catchers
From the Document: "Rogue base stations, also known as international mobile subscriber identity (IMSI) catchers, are devices that masquerade as cell phone towers, tricking cell phones within a certain radius into connecting to the device rather than a tower. During recent pilot tests conducted over the public airwaves, DHS detected anomalous activity that appeared to be consistent with rogue technology being used in proximity to sensitive facilities such as the White House. Some rogue base stations may have advanced features allowing interception and alteration of communication content. As a result of unknown capabilities, there is a need to detect rogue base stations in order to better protect the communication sector's critical infrastructure."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
-
CFATS Risk-Based Performance Standards (RBPS) 12iv--Screening for Terrorist Ties
From the Document: "The Cybersecurity and Infrastructure Security Agency's (CISA) Chemical Facility Anti-Terrorism Standards (CFATS) program identifies and works with high-risk facilities to ensure they have security measures in place to reduce the risk of more than 300 chemicals of interest (COI) being weaponized. High-risk facilities are assigned to one of four risk-based tiers and must develop a security plan meeting the 18 risk-based performance standards (RBPS) criteria. Facilities flexibility to select measures tailored to their tier level and unique circumstances."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-11-01
-
Public Venue Bag Search Procedures Guide: Commercial Facilities Sector
From the Introduction: "This guide provides suggestions for developing and implementing bag search procedures at public assembly venues hosting a variety of events, which may include sporting events, concerts, family festivals, or other public gatherings. Venue owners, operators, and event organizers may also choose to use additional resources (e.g., consult law enforcement) to supplement the procedures outlined in this guide."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-06
-
Convenience Store and Fuel Retailer Emergency Preparedness: Resilience for the Last 50 Feet
From the Document: "Convenience stores and fuel retailers represent a critical component of the Nation's supply chain, providing necessary resources to communities across the Nation. Often referred to as the last 50 feet of the supply chain for fuel, food, water and financial services, convenience stores house 80 percent of the Nation's gasoline, 50 percent of its water, and operate 33 percent of its ATMs [automated teller machines]. Additionally, convenience stores and fuel retailers may have the only source of electricity (through on-site generators) during disaster incidents. They are a familiar presence in the community, and it is estimated that 165 million people shop at convenience stores or fuel retailers every day, generating approximately $601 billion in annual revenue. From an operations perspective, the situation is unique; 24/7 operations, diffused ownership, geographically at-risk locations, diversity of managers and employees, and low-margin businesses that, nonetheless, are the endpoint of the supply chain for food, fuel, water, and finance. Unfortunately, more often than not, they do not have procedures in place for when disasters take place."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
-
5G Wireless Networks: Market Penetration and Risk Factors [Infographic]
From the Document: "5G [5th generation] is the next generation of wireless networks, building upon existing 4G [4th generation] Long-Term Evolution (LTE) infrastructure and improving the bandwidth, capacity, and reliability of wireless broadband services. It is intended to meet increasing data and communication requirements, including capacity for tens of billions of connected devices that will make up the Internet of Things (IoT), ultra-low latency required for critical near-real time communications, and faster speeds to support emerging technologies. 5G is expected to bring security improvements and a better user experience, but supply chain, deployment, network security, and competition and choice vulnerabilities may affect the security and resilience of 5G networks."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019-07
-
Office for Bombing Prevention: Chemical Summit Briefing 2019 [presentation]
From the presentation: "OBP [Office for Bombing Prevention] leads the Department of Homeland Security's (DHS) efforts to implement National Counter-Improvised Explosive Device (C-IED) policy and enhance the Nation's ability to prevent, protect against, respond to, and mitigate the use of explosives against critical infrastructure; the private sector; and federal, state, local, tribal, and territorial entities."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019
-
Reducing the Threat of Improvised Explosive Device Attacks by Restricting Access to Explosive Precursor Chemicals [presentation]
This presentation covers information on chemicals that have been used or are susceptible to use in IEDs [Improvised explosive devices], either in U.S. or internationally.
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
Conklin, Craig
2019-07-17
-
Chemical Facility Antiterrorism Standards (CFATS): What to Expect During a CFATS Inspection [presentation]
From the Presentation: "Chemical Security Inspectors conduct several types of inspections and visits to facilities, including: [1] Compliance Assistance Visits: Conducted at any stage of CFATS [Chemical Facility Antiterrorism Standards] implementation to provide technical assistance and educate covered facilities on the CFATS regulation; [2] Authorization Inspections: Conducted at a covered facility after a Letter of Authorization in order to verify that the contents listed in the facility's authorized Site Security Plan (SSP) or Alternative Security Program (ASP) are accurate and complete, and that the equipment, processes, and procedures described are appropriate and sufficient to meet applicable performance standards; [3] Compliance Inspections: Conducted after a Letter of Approval to ensure both existing and planned security measures that are identified within the approved SSP or ASP continue to be implemented fully and on schedule[.]"
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
McNeely, Christopher; Frey, Doug
2019-07
-
#Protect2020 Strategic Plan
From the Background: "Through #Protect2020, CISA [Cybersecurity and Infrastructure Security Agency] leverages a wide range of offerings and services to build outreach programs and engage local election officials in the over 8,000 election jurisdictions across the country. CISA builds these crucial relationships within the election community by supporting election officials in their efforts to identify and plan for potential vulnerabilities to elections infrastructure ahead of and during the 2020 election cycle. CISA engages political campaigns by supporting the development of non-partisan informational products and conducting voluntary assessments, partners with the private sector to collaborate on best practices and vendor security, and works towards raising public awareness about foreign interference efforts."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2020-02
-
CISA Insights: Enhance Email & Web Security
From the Document: "Phishing emails and the use of unencrypted Hypertext Transfer Protocol (HTTP) remain persistent channels through which malicious actors can exploit vulnerabilities in an organization's cybersecurity posture. Attackers may spoof a domain to send a phishing email that looks like a legitimate email. At the same time, users transmitting data via unencrypted HTTP protocol, which does not protect data from interception or alteration, are vulnerable to eavesdropping, tracking, and the modification of the data itself. The Cybersecurity and Infrastructure Security Agency (CISA) encourages its State, Local, Tribal and Territorial (SLTT) government partners, as well as private entities, to use this guide to learn more about this threat and associated mitigation activities."
United States. Department of Homeland Security. Cybersecurity and Infrastructure Security Agency
2019?