The Cybersecurity and Infrastructure Security Agency - Security Boulevard

The Cybersecurity and Infrastructure Security Agency


The Cybersecurity and Infrastructure Security Agency is an agency within the U.S. Department of Homeland Security (DHS). It was formed on November 16th, 2018 with the signing of the Cybersecurity and Infrastructure Security Agency Act of 2018.

What is CISA?

The Cybersecurity and Infrastructure Security Agency (CISA) was formerly the National Protection and Programs Directorate (NPPD). This new name for the DHS department better reflects its core function.

Like the National Security Agency (NSA) is tasked with protecting the .mil domains of the U.S. military, it’s the job of DHS (and more specifically CISA) to protect the .gov space of the civilian government. CISA’s name and mission both reflect its core mandate: to protect the U.S. critical infrastructure, especially against attacks performed via cyberspace.

The role of CISA in government

The job of CISA is to protect the government from being hacked. More specifically, this involves acting a lot like a third-party cybersecurity services provider to other government departments. CISA’s role includes:

  • Providing cybersecurity tools
  • Incident assessment and response
  • Coordinating public/private sector partnerships for security and resilience
  • Technical assistance and assessments
  • Supporting emergency and natural disaster responders
  • Risk assessment for critical infrastructure

With this list of capabilities, it appears likely that CISA will continue to fill a consulting or advisory role for other government departments instead of a controlling one. Other departments will likely have to decide (or be ordered) to enlist CISA’s help when preparing to deal with potential threats.

Potential impacts of CISA

As a whole, CISA seems to be designed to provide U.S. government departments with the tools and aid that they need to protect themselves. With the agency only a few months old, it’s difficult to predict what they will do; however, some potential impacts stand out, based on their mandate (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: