The U.S. federal government's new Cybersecurity and Infrastructure Security Agency (CISA) aims to be the nation's risk advisor, according to a strategic intent document (PDF) released this month. The CISA was established within the Department of Homeland Security in 2018 to address threats to U.S. technology and physical infrastructure.
The CISA's mission is to "lead the national effort to understand and manage cyber and physical risk to our critical infrastructure," the document notes. "The 21st century brings with it an array of challenges that are often difficult to grasp and even more difficult to address," CISA Director Christopher Krebs writes in the document. He cites risk factors such as the nation's reliance on networked technologies, nature-based threats, and technology failures.
To that end, the CISA's guiding principles are:
- Leadership and collaboration with infrastructure and security partners.
- Risk prioritization to secure "national critical" functions underlying national security, economic security, public health and safety, and the continuity of government operations.
- Results oriented to reduce risk, respond to partners' requirements, and work toward common outcomes.
- Respect for national values such as civil liberties, free expression, commerce, and innovation.
- Unified mission and agency to address risks in a coordinated, cross-agency manner.
The document's subtitle, "defend today, secure tomorrow," lays out the agency's twin goals. By defend today, the CISA seeks to defend against urgent threats and hazards. The objectives are to prevent or mitigate most significant threats to federal government networks and critical infrastructure, mitigate the impact of "all-hazards" events, ensure incident response communication, and mitigate significant supply chain and emerging threats.
The secure tomorrow goal is about strengthening critical infrastructure and addressing long-term risks. The aim is to identify and manage risks to critical infrastructure, as well as to provide technical assistance.
The CISA seeks to achieve these goals through risk analysis, risk management planning, information sharing, capacity building, and incident response. Resources for delivering these services include:
- Analysts, risk models, and technical alerts.
- Collaborative planning teams and task forces.
- Policy and governance actions.
- Technical assistance teams and security advisors.
- Deployed tools and sensors.
- Grants and operational contracts.
- Exercises and training.
The strategic intent document lays out Krebs' priorities for the agency:
- China, supply chain, and 5G technologies.
- Election security.
- Soft target security such as for crowded places.
- Federal agency cybersecurity.
- Industrial control systems such as transportation systems, telecommunication networks, industrial manufacturing plants, electric power generators, oil and natural gas pipelines, and the Internet of Things.
Among the CISA's operations are the National Risk Management Center and the National Cybersecurity and Communications Integration Center, which provides incident response capabilities to all levels of government as well as the private sector.