The Cyberseurity and Infrastructure Security Agency (CISA) mission is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation’s flagship cyber defense, incident response, and operational integration center.
Since 2009, CISA (including NCCIC) has served as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating our 24/7 situational awareness, analysis, and incident response center.
Our Vision and Guiding Principles
The CISA vision is a secure and robust cyber and communications infrastructure, resilient against attacks and disruption.
In pursuing our vision, we adhere to a number of Guiding Principles:
- Put Customers First. Understand and meet our customer and constituent needs quickly and completely.
- Lead the Global Mission. In service to our national interests, serve as a global ambassador for cyber and communications security expertise, excellence, and information.
- Be an Active Force for Good. Defend the homeland by being the first and best option to identify, understand, prevent, protect, and respond to significant threats and exploitations of our cyber and communications infrastructure.
- Drive Innovation. Stay on the cutting edge of innovation to bring down risk, learning from past experiences and anticipating change. Inspire others to better understand and apply cyber and communications knowledge and tools.
- Be Right, Be Fast. Connect people-to-people and people-to-content to build community knowledge. Share threat and vulnerability information quickly and broadly, while maintaining the confidence and trust of our stakeholders and the constitutional rights of the American people.
- Earn Trust. Relentlessly build our reputation as the authoritative source of information and a dependable partner through technical excellence and accurate, timely analysis. We are the experts other professionals turn to for help.
What We Do
CISA provides a year in review to the public for the opportunity to better understand our accomplishments and how we have progressed during the past fiscal year.
CISA incorporates a hub for information and expertise. We are a global exchange for cyber and communications information, sharing what we receive back to the cyber security community.
- We build risk awareness and help people understand how to mitigate threats and vulnerabilities.
- We help customers take action to improve their risk posture and support a common operational picture of the national cyber and communications risk landscape.
- We defend federal networks and respond to significant incidents.
- We are here for our partners and customers when they need help. We vigilantly defend the Federal Government’s critical networks and stand ready to respond to attacks on both government and private sector networks
CISA is a key component of the DHS Strategy for Securing Control Systems. The primary goal of the Strategy is to build a long-term common vision where effective risk management of control systems security can be realized through successful coordination efforts. To this end, we have committed $17M in new funding for functions related to securing control systems. NCCIC leads this effort by
- Responding to and analyzing control systems-related incidents;
- Conducting vulnerability, malware, and digital media analysis;
- Providing onsite incident response services;
- Providing situational awareness in the form of actionable intelligence;
- Coordinating the responsible disclosure of vulnerabilities and associated mitigations; and
- Sharing and coordinating vulnerability information and threat analysis through information products and alerts.
CISA (ICS) coordinates control systems-related security incidents and information exchange with Federal, State, and local agencies and organizations, the intelligence community, and private sector constituents, including vendors, owners and operators, and international and private sector CERTs. The focus on cybersecurity for control systems provides a direct path for coordination of activities among all members of the critical infrastructure stakeholder community.
Our Critical Mission Activities
- Information exchange,
- Training and exercises,
- Risk and vulnerability assessments,
- Data synthesis and analysis,
- Operational planning and coordination,
- Watch operations, and
- Incident response and recovery.
Advanced Analytic Lab. CISA operates advanced analytic labs that perform digital media and malware analysis on samples from infected systems. Some labs also hosts a representative sample of vendor equipment onsite to give analysts testing capabilities of malware in control system environments. The availability of onsite equipment and software allows CISA to assess the possible effects of malicious software and consequences a vulnerability may have on critical infrastructure.
Partnerships. CISA works to reduce risk within and across all critical infrastructure sectors by coordinating efforts among federal, state, local and tribal governments, as well as control systems owners, operators, and vendors. In addition, CISA collaborates with international and private sector CERTs to share control systems related security incidents and mitigation measures.
CISA participates with many working groups including the Industrial Control Systems Joint Working Group and the Federal Control Systems Security Working Group. These trusted relationships are leveraged to increase and improve information exchange with the U.S. critical infrastructure asset owner/operators and vendor community.
In 2018, CISA incorporated the former NCCIC and all its components.
Throughout 2017, the NCCIC realigned its organizational structure and integrated like functions previously performed independently by the United States Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). This structure combines intersecting roles from the below legacy organizations to enhance the effectiveness of NCCIC’s cybersecurity and communications mission.
The below graphic depicts the rich history of NCCIC’s organizational structure, which comprised of the following legacy organizations.
- NCS – National Communications System
- NCC – National Coordinating Center (NCC) for communications
- US-CERT – United States Cyber Emergency Readiness Team
- ICS-CERT – Industrial Control Systems Cyber Emergency Readiness Team