Perhaps one of the least understood aspects of information technology is cybersecurity. Despite constant reports of major hacks and data breaches affecting millions of Americans, there are still organizations that either practice poor security habits and protocols or neglect responsibility altogether. At one point, it could be argued this even extended to the federal government, when in 2015 the sensitive personal data of 22 million current and former federal employees was stolen by suspected Chinese hackers. This incident became the catalyst for many experts to determine that the United States Department of Homeland Security (DHS), the federal executive agency responsible for public security, did not possess a good defense strategy to combat the growing number of foreign cyberattacks against Americans.
During this period, DHS’s only semblance of a “cybersecurity division” was the “National Protection and Programs Directorate” (NPPD), created in 2007, which handled almost all of DHS’s cybersecurity-related matters. Although the NPPD had been around for eleven years at that point, there was (as stated above) growing criticism about its competency in the ever-changing landscape. Thus, the Cybersecurity and Infrastructure Security Agency Act was signed into law on November 16, 2018, which meant the NPPD received a beauty makeover of sorts, and the Cybersecurity and Infrastructure Security Agency (CISA) as we know it today was born.
The official mission of CISA is to: “Lead the national effort to understand and manage cyber and physical risk to our critical infrastructure.” Simply put, the agency’s overall goal is to provide a secure and resilient critical infrastructure for the American people. One of the biggest issues the NPPD faced before it was revamped was that it lacked a notable “brand” appeal to recruit and retain the best talent.
Though this is a common issue regarding government workers, it posed a significant problem to an organization looking to become more innovative and solidify its status as a federal agency on par with the Secret Service or the Federal Emergency Management Agency (FEMA). The NPPD also lacked what some experts called a “unified cybersecurity strategy,” which really isn’t all that surprising when one considers the NPPD was essentially a conglomerate mash-up of different security programs within DHS, combined because those same programs didn’t have a proper place within already established federal agencies.
Another way to think about this would be like going into your freezer, finding a bunch of meat you don’t normally use in your everyday cooking, and throwing it all together in one big pot to try and make dinner. Though this approach can sometimes result in a gourmet meal, it can often lead to what Christopher Krebs (the first appointed director of CISA) summarized in the following passage: “Over time as the threat landscape, particularly from a cybersecurity perspective, has evolved and the department’s role has been clarified and strengthened by Congress, it really became clear that the department needed a single voice, a single agency or organization who was able to carry out the DHS secretary’s critical infrastructure protection and cybersecurity authorities.”
CISA’s two main strategic goals (defending today by addressing the imminent risks facing our national critical functions & securing tomorrow by helping organizations manage their own risk during steady-state conditions) were born as a result of this need for a more integrated approach.
CISA houses two main centers that are vital to the agency achieving its vision and goals. The first is called the National Cybersecurity and Communications Integration Center (NCCIC), which, according to CISA’s official website, “works 24/7 to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and by coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, NCCIC collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share information about control systems-related security incidents and mitigation measures.”
The second is called the National Risk Management Center (NRMC), which, according to the official website, is “the planning, analysis, and collaboration center within the Cybersecurity and Infrastructure Security Agency, leading strategic risk reduction efforts for the Nation.” Finally, like its predecessor the NPPD, CISA also administers within DHS the Offices of Cyber and Infrastructure Analysis (OCIA), Infrastructure Protection (OIP), and Cybersecurity & Communication (OC&C), as well as the Federal Protective Service (FPS).
With the number of cyberattacks growing each and every day, CISA’s importance will only continue to increase. One only needs to look at the political landscape and the role bad actors may or may not have played in the last two presidential elections (the agency even created a “Rumor Control” page that details this: https://www.cisa.gov/rumorcontrol). Either way, counsel from an agency like CISA is indispensable to Americans today.