Cybersecurity and Infrastructure Security Agency
| Headquarters | Rosslyn, Arlington, Virginia |
| Annual budget | $3.16 billion (2020) |
| Parent agency | Department of Homeland Security |
The Cybersecurity and Infrastructure Security Agency (CISA) is a United States federal agency, an operational component under Department of Homeland Security (DHS) oversight. Its activities are a continuation of the National Protection and Programs Directorate (NPPD). CISA was established on November 16, 2018, when President Donald Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. Brandon Wales served as Acting Director until Jen Easterly was unanimously confirmed by the Senate on July 12, 2021, and became Director.
Former NPPD Under-Secretary Christopher Krebs was CISA's first Director, and former Deputy Under-Secretary Matthew Travis was its first Deputy Director. The expected role of CISA is to improve cybersecurity across all levels of government, coordinate cybersecurity programs with U.S. states, and improve the government's cybersecurity protections against private and nation-state hackers.
The National Protection and Programs Directorate (NPPD) was formed in 2007 as a component of the United States Department of Homeland Security. NPPD's goal was to advance the Department's national security mission by reducing and eliminating threats to U.S. critical physical and cyber infrastructure.
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within DHS, establishing the Cybersecurity and Infrastructure Security Agency (CISA). CISA is a successor agency to NPPD, and assists both other government agencies and private sector organizations in addressing cybersecurity issues.
On January 22, 2019, CISA issued its first Emergency Directive (19-01: Mitigate DNS Infrastructure Tampering) warning that "an active attacker is targeting government organizations" using DNS spoofing techniques to perform man-in-the-middle attacks. Research group FireEye stated that "initial research suggests the actor or actors responsible have a nexus to Iran."
In 2020, CISA created a website, titled Rumor Control, to rebut disinformation associated with the 2020 United States presidential election. On November 12, 2020, CISA issued a press release asserting, "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised." On the same day, Director Krebs indicated that he expected to be dismissed from his post by the Trump administration. Krebs was subsequently fired by President Trump on November 17, 2020, via tweet, for his comments regarding the security of the election.
On July 12, 2021, the Senate confirmed Jen Easterly by voice vote, directly after the Senate returned from its July 4th recess. Easterly’s nomination had been reported favorably out of the Senate Committee on Homeland Security and Governmental Affairs on June 16, but a floor vote had reportedly been held up by Senator Rick Scott over broader national security concerns until the President or Vice President visited the southern border with Mexico.
An October 2020 review in the Institute of World Politics student journal Active Measures stated that CISA apparently lacks an enforcement division. The Federal Protective Service, which until 2010 reported to U.S. Immigration and Customs Enforcement, was moved from CISA to the DHS Management Directorate in May 2019.
On December 17, 2020, it was revealed that several US agencies had been hit by a massive months-long intrusion by overseas hackers suspected to be from Russia.
CISA subcomponents include the following:
- Cybersecurity Division
- National Council of Statewide Interoperability Coordinators (NCSWIC)
- Infrastructure Security Division
- Emergency Communications Division
- National Risk Management Center
- Integrated Operations Division
- Stakeholder Engagement Division
- National Emergency Technology Guard (inactive, but can be activated by the director of CISA)
- National Initiative for Cybersecurity Careers and Studies
References
- Geller, Eric (July 12, 2021). "Senate confirms Jen Easterly as head of U.S. cyber agency". politico.com. POLITICO. Retrieved July 13, 2021.
- "Leadership". US Department of Homeland Security. September 7, 2006.
- "NITIN NATARAJAN". Department of Homeland Security. February 16, 2021. Archived from the original on February 23, 2021. Retrieved April 16, 2021.
- Cimpanu, Catalin (November 16, 2018). "Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency". ZDNet. Archived from the original on February 19, 2019. Retrieved December 16, 2018.
- "About CISA". Department of Homeland Security. November 19, 2018. Archived from the original on July 6, 2019. Retrieved December 16, 2018. This article incorporates text from this source, which is in the public domain.
- Ropek, Lucas (July 12, 2021). "CISA Gets a New Director Amidst Ongoing Ransomware Dumpster Fire". gizmodo.com. Gizmodo. Retrieved July 13, 2021.
- Johnson, Derek B. (March 18, 2018). "NPPD taps vendor for No. 2 role". Federal Computer Week. Archived from the original on September 30, 2019. Retrieved March 15, 2019.
- Rockwell, Mark (December 20, 2018). "Standing up CISA". Federal Computer Week. Archived from the original on September 30, 2019. Retrieved March 15, 2019.
- "DHS | About the National Protection and Programs Directorate". Dhs.gov. August 26, 2011. Archived from the original on September 25, 2011. Retrieved September 27, 2011.
- "Cybersecurity and Infrastructure Security Agency". DHS.gov. Archived from the original on November 23, 2018. Retrieved November 24, 2018.
- Ropek, Lucas (July 28, 2020). "Will CISA Be the Savior of State and Local Cybersecurity?". Government Technology. Retrieved November 18, 2020.
- "Emergency Directive 19-01". cyber.dhs.gov. Department of Homeland Security. Archived from the original on July 3, 2019. Retrieved February 16, 2019.
- Krebs, Christopher. "Why CISA issued our first Emergency Directive". cyber.dhs.gov. Department of Homeland Security. Archived from the original on July 6, 2019. Retrieved February 16, 2019.
- Hirani, Muks; Jones, Sarah; Read, Ben. "Global DNS Hijacking Campaign: DNS Record Manipulation at Scale". FireEye. Archived from the original on June 25, 2019. Retrieved February 16, 2019.
- Courtney, Shaun; Sebenius, Alysa; Wadhams, Nick (November 12, 2020). "Turmoil Hits Cyber Agency Engaged in Election as Staff Leave". Bloomberg News. Retrieved November 18, 2020.
- "Federal cybersecurity agency calls election 'most secure in American history'". Engadget. Retrieved November 17, 2020.
- Geller, Eric; Bertrand, Natasha (November 12, 2020). "Top cyber official expecting to be fired as White House frustrations hit agency protecting elections". Politico. Retrieved November 13, 2020.
- Collins, Kaitlan; LeBlanc, Paul. "Trump fires director of Homeland Security agency who had rejected President's election conspiracy theories". CNN. Retrieved November 18, 2020.
- "Top US cybersecurity official reportedly says he expects to be fired". The Guardian. November 12, 2020. Retrieved November 13, 2020.
- "PN420 - Nomination of Jen Easterly for Department of Homeland Security, 117th Congress (2021-2022)". www.congress.gov. June 16, 2021. Retrieved July 12, 2021.
- Miller, Maggie (June 23, 2021). "Rick Scott blocks Senate vote on top cyber nominee until Harris visits border". TheHill. Retrieved July 12, 2021.
- Atkinson, Wade H., Jr (October 22, 2020). "A Review of the Trump Administration's National Cyber Strategy: Need for Renewal and Rethinking of the Public-Private Partnership in U.S. National Security Policy". Active Measures, A Student Journal of the Institute of World Politics. The Institute of World Politics. Retrieved December 16, 2020. "Presumably, the new Cybersecurity and Infrastructure Security Agency will streamline the functions of the old NPPD. However, as envisioned, it still lacks a Division of Enforcement, similar to the Divisions of Enforcement of the SEC, CFTC, or FTC to serve as an investigatory/enforcement/international-information-sharing arm to enforce the 11 cybersecurity statutes Congress passed in 2014 and 2015. Therefore, the Cybersecurity and Infrastructure Security Agency will apparently have to rely on cooperation and information-sharing, rather than administrative enforcement, and refer civil, administrative, and criminal cases to the Department of Justice (DOJ)."
- Rectanus, Lori (June 11, 2019). "Federal Protective Service's Organizational Placement: Considerations for Transition to the DHS Management Directorate, Statement of Lori Rectanus Director, Physical Infrastructure, Testimony Before the Subcommittee on Oversight, Management and Accountability, Committee on Homeland Security, House of Representatives" (PDF). United States: Government Accountability Office. Retrieved December 16, 2020.
- "Energy Department says it was hacked in suspected Russian campaign". NBC News.
- "Cybersecurity and Infrastructure Security Agency Organizational Chart". Department of Homeland Security. February 27, 2019. Archived from the original on April 17, 2019. Retrieved May 4, 2019.