Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018
- This topic has 13 replies, 1 voice, and was last updated 1 year, 7 months ago by
.
-
Topic
-
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA).
-
Replies
-
-
The CISA Act is a needed response to the growing and more complicated cyber environment and associated risks. Through the agency, the needed leadership is established and a national proactive approach can be taken. Important aspects are the government and private sector partnership with respect to critical infrastructure, especially since the private sector owns a substantial portion of the infrastructure. Further, the partnership makes sense since government and private sector are successfully engaged in areas of space exploration and fintech. In addition, the agency is providing a consolidated “all-hazards risk analysis”. Such a tool is key. What vulnerabilities may exist and where, is vital to determining the security measures needed. Finally, another important aspect is the agency’s #BeCyberSmart initiative. By having a national effort to raise awareness, educate the nation, and for all to take personal responsibilities for online security measures helps address one of the major vulnerabilities in the use of cyber services: lack of awareness and training and education.
-
I’m interested to see what regulations for companies will be put in place by this newly formed agency. Often overlooked in the budget, security and cybersecurity may become a required spend. Beyond job growth opportunities, enhanced consumer protection should be a benefit the USA sees from this.
-
-
It is good to see that this agence was created with bi-partisan support. Time will tell if CISA can help fend off attacks by cyber criminals, organized crime and nation state cyber attacks.
With that being said I like the fact that this is taken as a proactive measure to counter foreign orchestrated cyber attacks by countries like Russia (US elections), China (Cyber IP theft), Banks hack with Stuxnet in 2012-2014 as retaliation against the US cyber attack on nuclear facilities) and North Korea (Sony hack, WannaCry etc). The government and private sector are equally impacted by the increasing complexity of attacks that surpass individual efforts through the support of nations trying to gain advantages through IP theft and impact modern democracies by shaking trust in these institutions through tampering in elections.
The effectiveness of CISA will depend on 3 aspects:
1. government agencies and private sector companies to work hand in hand to quickly identify and mitigate threats.
2. Adequate funding of the agency
3. Attrackting the right cybersecurity talent to keep up with the talent of bad actors and nation states -
-
I recently started a course – Harvard University Cybersecurity: Managing Risk in the Information Age, I have a decent security background but the goal of attending this course is to bolster that knowledge. It is working. I now know much more than previously and we are only getting started. One of the things this course has done is make me aware of forums like this. I was unaware of the CISA act but agree that it critical and a step in the right direction. Private organizations and Governments are under ever increasing attacks. Clearly most current mechanisms aren’t working. We all know you can never completely stop breaches but working together and regulating all organizations to adhere to standards should be useful.
-
-
Interesting that while North Korea has not tested any missiles since the first summit with Trump, they have been very active in continued attacks on US interests. Hopefully the CISA Act will help us to better defend against future attacks as they do not seem to be diminishing.
http://time.com/5542687/north-korea-cyberattacks-lazarus-hanoi-summit/
-
I think the formation of CISA was a vital necessity, and hopefully its existence will help formalize the types of protections that all types of corporations, large or small, public or private are mandated to have in place. Rules levied by this branch of government have the potential to protect us all from malicious attackers.
I feel this organization is of equal importance to the TSA and the National Guard, as these silent threats we face are as real the tangible ones we have faced in the past. -
My concern with creating yet another agency is with jurisdiction confusion. Now, organizations that perhaps looking at these issues before, may be less inclined to do so, believing that they fall within CISA’s wheelhouse. This is how things fall through the cracks. This is in large part how intel failed leading up to 911. It seems counterintuitive but is this weird unintended consequence when you create too many agencies. Too many cooks in the kitchen…
-
Unfortunately, I disagree that creating another agency creates confusion. As I recall, there were far less controls and agencies in place leading up to 9.11. Imagine not having TSA today, or HSA? Wasn’t the formation of both in 2001 and 2002 respectively? With the advent of ingenious methods of hacks, attacks etc. not to mention the ones we have yet to experience, we have an obligation as a country to defend and protect -to be proactive and reactive! Hence, the need for for greater and deeper levels of security.
-
Hi even I too agree that creating of more and more agencies within the same cult – would it really help? But in any case, I was unaware of this act and now it is nice to come across this information. Unless this behaves like a protocol to follow by all countries at least at the minimal level, it would not be effective of an enforcement like GDPR. GDPR helped us to safeguard lot more information, which were exposed in our mobile branch offices. At least now many layman started talking about safeguarding their PII.
-
You must be logged in to reply to this topic.
