What is the CISA ICS mission?
The Cybersecurity and Infrastructure Security Agency (CISA) includes a mission to promote a cohesive effort between government and industry to improve the cyber security posture of industrial control systems (ICS) within the nation's critical infrastructure. CISA assists control systems vendors and asset owners/operators to identify security vulnerabilities and develop sound mitigation strategies that strengthen their ICS cyber security posture and reduce risk.
What are the US critical infrastructure sectors?
Presidential Policy Directive 21 (PPD-21), National Infrastructure Protection Plan (NIPP), and federal policies identified and categorized U.S. critical infrastructure into the following 16 critical infrastructure sectors:
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Services
- Financial Services
- Food and Agriculture
- Government Facilities
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials, and Waste
- Transportation Systems
- Water and Wastewater Systems
How does the CISA ICS team coordinate work with other government stakeholders?
The original ICS team established the Control Systems Security Working Group (CSSWG), which provides a forum for federal stakeholders through which the federal government can communicate and coordinate its efforts to improve control systems cyber security in critical infrastructure. These efforts foster interaction and collaboration between and among federal departments and agencies regarding control systems cyber security initiatives.
The CSSWG teams individuals from various federal departments and agencies who have roles and responsibilities involved with securing industrial control systems within US critical infrastructure. Because many cyber security challenges are similar from sector to sector, this collaborative effort benefits the nation by promoting and leveraging existing work and maximizing efficient resource use.
Who are CISA’s partners?
CISA exchanges information across the global cyber security community to improve the security of the Nation’s critical infrastructure and the systems and assets on which Americans depend. Partners with which CISA may share anonymized information include U.S. federal agencies, private sector organizations, the research community, SLTT governments, and international entities.
What other services does CISA offer?
CISA stakeholders include the Federal Government; state, local, tribal, and territorial (SLTT) governments; the private sector; and international partners.
What types of informational products does CISA offer? How do I sign up to receive these products?
CISA shares timely, actionable information to the broadest extent possible.
Subscriptions are available to all users for:
- Advisories, containing a summary current security issues, vulnerabilities, and exploits.
- Alerts, of provides timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks.
To receive one or more CISA products via email, visit our Mailing Lists and Feeds webpage.
CISA also co-sponsors the NVD—the U.S. Government’s repository of standards-based vulnerability management data.
What happens if I share my info with CISA?
As a global information exchange hub, CISA bears a significant responsibility to protect the information we receive and to ensure we safeguard privacy, business confidentiality, civil rights, and civil liberties. We take this responsibility extremely seriously and we do everything in our power to earn our stakeholders’ trust by maintaining the confidentiality of sensitive information.
CISA routinely leverages the information sharing Traffic Light Protocol (TLP). TLP is not a classification tool, rather an intuitive schema to guide distribution according to relative risk.
CISA also serves as the Federal Government’s capability and process for receiving cyber threat indicators and defensive measures from non-federal entities under the Cybersecurity Information Sharing Act of 2015. Non-federal entities sharing cyber threat indicators and defensive measures with CISA in compliance with CISA’s requirements are eligible for multiple protections. These include:
- Liability protection for sharing cyber threat indicators.
- Exemption from disclosure under state and federal disclosure laws, including the Freedom of Information Act (FOIA).
- Exemption from state and federal regulatory uses.
- No waiver of applicable privileges, such as the attorney-client privilege.
- Treatment as commercial, financial, or proprietary information when so designated by the submitter.
- Ex parte communications waiver.
- Exemption from federal antitrust laws.
For more information, consult the Non-Federal Entity Sharing Guidance under the Cybersecurity Information Sharing Act of 2015, posted at https://www.us-cert.gov/ais.
In addition, entities can submit information for protection under the Critical Infrastructure Information Act of 2002. Once validated by CISA as Protected Critical Infrastructure Information (PCII), this information is protected from:
- Exemption from disclosure under state and federal disclosure laws, including the Freedom of Information Act (FOIA),
- Protection from use in regulatory actions, and
- Protection from use in civil litigation.
Only trained and certified federal, state, and local government employees or contractors may access PCII and only in accordance with strict safeguarding and handling requirements. In all instances, CISA prioritizes the security and privacy of information when sharing with its partners.
I work within the ICS community, and I am interested in joining the CISA team. How do I find information about opportunities at CISA?