• Home
  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • Core Analysis Task (CAT) Program
    • Subject Matter Expert (SME) Network
    • Training
    • Contact Us
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
  • About
    • About the CSIAC
    • The CSIAC Team
    • Subject Matter Expert (SME) Support
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • DTIC STI Program
    • FAQs
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

  • Resources
    • Find Resources by Topic Tags
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • Core Analysis Task (CAT) Program
    • Subject Matter Expert (SME) Network
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
  • About
    • About the CSIAC
    • The CSIAC Team
    • Subject Matter Expert (SME) Support
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • DTIC STI Program
    • FAQs
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering

Cybersecurity

Group logo of Cybersecurity
Public Group active 19 hours, 21 minutes ago

Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.

  • Home
  • Forum

Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018

  • This topic has 13 replies, 1 voice, and was last updated 1 year, 7 months ago by paddeev.
  • Creator
    Topic
  • 2018-11-26 at 09:03 #51915
    nmaida
    Moderator

    On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA).

    https://www.dhs.gov/CISA

  • Creator
    Topic
Viewing 9 reply threads
  • Author
    Replies
    • 2018-11-27 at 13:31 #51974
      JRDoyle
      Participant

      The CISA Act is a needed response to the growing and more complicated cyber environment and associated risks. Through the agency, the needed leadership is established and a national proactive approach can be taken. Important aspects are the government and private sector partnership with respect to critical infrastructure, especially since the private sector owns a substantial portion of the infrastructure. Further, the partnership makes sense since government and private sector are successfully engaged in areas of space exploration and fintech. In addition, the agency is providing a consolidated “all-hazards risk analysis”. Such a tool is key. What vulnerabilities may exist and where, is vital to determining the security measures needed. Finally, another important aspect is the agency’s #BeCyberSmart initiative. By having a national effort to raise awareness, educate the nation, and for all to take personal responsibilities for online security measures helps address one of the major vulnerabilities in the use of cyber services: lack of awareness and training and education.

    • 2018-11-27 at 17:13 #51983
      SamBHouston
      Participant

      I’m interested to see what regulations for companies will be put in place by this newly formed agency. Often overlooked in the budget, security and cybersecurity may become a required spend. Beyond job growth opportunities, enhanced consumer protection should be a benefit the USA sees from this.

      • 2018-11-28 at 08:18 #51991
        mgalal
        Participant

        Interesting Article.

        Thank you

    • 2018-11-27 at 20:03 #51985
      carstenkrause
      Participant

      It is good to see that this agence was created with bi-partisan support. Time will tell if CISA can help fend off attacks by cyber criminals, organized crime and nation state cyber attacks.
      With that being said I like the fact that this is taken as a proactive measure to counter foreign orchestrated cyber attacks by countries like Russia (US elections), China (Cyber IP theft), Banks hack with Stuxnet in 2012-2014 as retaliation against the US cyber attack on nuclear facilities) and North Korea (Sony hack, WannaCry etc). The government and private sector are equally impacted by the increasing complexity of attacks that surpass individual efforts through the support of nations trying to gain advantages through IP theft and impact modern democracies by shaking trust in these institutions through tampering in elections.
      The effectiveness of CISA will depend on 3 aspects:
      1. government agencies and private sector companies to work hand in hand to quickly identify and mitigate threats.
      2. Adequate funding of the agency
      3. Attrackting the right cybersecurity talent to keep up with the talent of bad actors and nation states

      • 2018-11-27 at 22:49 #51988
        M5683
        Participant

        Even though, every company has a responsibility to protect itself. I think this frontier requires a collaborative effort, data gathering and sharing. The government needs to take the lead. This will be an enormous task to co-ordinate. A Step in the right direction.

      • 2018-11-28 at 09:37 #51992
        mgalal
        Participant

        I agree & perhaps the G20 can address this challenge.

    • 2019-02-27 at 17:13 #57910
      dawa4444
      Participant

      I recently started a course – Harvard University Cybersecurity: Managing Risk in the Information Age, I have a decent security background but the goal of attending this course is to bolster that knowledge. It is working. I now know much more than previously and we are only getting started. One of the things this course has done is make me aware of forums like this. I was unaware of the CISA act but agree that it critical and a step in the right direction. Private organizations and Governments are under ever increasing attacks. Clearly most current mechanisms aren’t working. We all know you can never completely stop breaches but working together and regulating all organizations to adhere to standards should be useful.

    • 2019-03-02 at 18:41 #57967
      Suzie24
      Participant

      Agree that the CISA Act of 2018 is a much-needed response to today’s growing cyberthreat environment. It will be interesting to see how government agencies and privately owned companies work together to identify and mitigate cyberthreats by nation states who have an army of hackers.

    • 2019-03-05 at 19:21 #58168
      bspangler
      Participant

      Interesting that while North Korea has not tested any missiles since the first summit with Trump, they have been very active in continued attacks on US interests. Hopefully the CISA Act will help us to better defend against future attacks as they do not seem to be diminishing.

      http://time.com/5542687/north-korea-cyberattacks-lazarus-hanoi-summit/

    • 2019-05-27 at 14:30 #59609
      sml000
      Participant

      I think the formation of CISA was a vital necessity, and hopefully its existence will help formalize the types of protections that all types of corporations, large or small, public or private are mandated to have in place. Rules levied by this branch of government have the potential to protect us all from malicious attackers.
      I feel this organization is of equal importance to the TSA and the National Guard, as these silent threats we face are as real the tangible ones we have faced in the past.

      • This reply was modified 1 year, 10 months ago by sml000.
    • 2019-05-28 at 13:44 #59645
      cyberstudent
      Participant

      My concern with creating yet another agency is with jurisdiction confusion. Now, organizations that perhaps looking at these issues before, may be less inclined to do so, believing that they fall within CISA’s wheelhouse. This is how things fall through the cracks. This is in large part how intel failed leading up to 911. It seems counterintuitive but is this weird unintended consequence when you create too many agencies. Too many cooks in the kitchen…

    • 2019-05-28 at 21:07 #59653
      Jad7331@
      Participant

      Unfortunately, I disagree that creating another agency creates confusion. As I recall, there were far less controls and agencies in place leading up to 9.11. Imagine not having TSA today, or HSA? Wasn’t the formation of both in 2001 and 2002 respectively? With the advent of ingenious methods of hacks, attacks etc. not to mention the ones we have yet to experience, we have an obligation as a country to defend and protect -to be proactive and reactive! Hence, the need for for greater and deeper levels of security.

    • 2019-09-03 at 12:43 #60449
      paddeev
      Participant

      Hi even I too agree that creating of more and more agencies within the same cult – would it really help? But in any case, I was unaware of this act and now it is nice to come across this information. Unless this behaves like a protocol to follow by all countries at least at the minimal level, it would not be effective of an enforcement like GDPR. GDPR helped us to safeguard lot more information, which were exposed in our mobile branch offices. At least now many layman started talking about safeguarding their PII.

  • Author
    Replies
Viewing 9 reply threads

You must be logged in to reply to this topic.

sidebar

Community Sidebar

Featured Content

The DoD Cybersecurity Policy Chart

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

Featured Subject Matter Expert (SME): Cully Patch

An internal CSIAC SME with a passion for learning, teaching, and supporting the warfighter, Mr. Cully Patch has been a member of the CSIAC staff for 5 years. Cully was instrumental in leading the development and instruction of an extensive course on DoD Cybersecurity Analysis and Reporting (DoDCAR) - a threat-based approach to addressing system cybersecurity. As a senior program manager for cybersecurity and intelligence, Mr. Patch has extensive experience in providing cybersecurity training and education to both university students and military operators. Cully is a retired US Air Force military officer with career accomplishments in the fields of research, Intelligence, cybersecurity operations, planning, and technical course instruction. CSIAC is honored to have Mr. Patch as a subject matter expert, where he leads teams of technologists through problem solving, training program development, scientific and technical information generation, and analysis of complex system requirements.

View SME's Contributed Content

CSIAC Report - Smart Cities, Smart Bases and Secure Cloud Architecture for Resiliency by Design

Integration of Smart City Technologies to create Smart Bases for DoD will require due diligence with respect to the security of the data produced by Internet of Things (IOT) and Industrial Internet of Things (IIOT). This will increase more so with the rollout of 5G and increased automation "at the edge". Commercially, data will be moving to the cloud first, and then stored for process improvement analysis by end-users. As such, implementation of Secure Cloud Architectures is a must. This report provides some use cases and a description of a risk based approach to cloud data security. Clear understanding, adaptation, and implementation of a secure cloud framework will provide the military the means to make progress in becoming a smart military.

Read the Report

CSIAC Journal - Data-Centric Environment: Rise of Internet-Based Modern Warfare “iWar”

CSIAC Journal Cover Volume 7 Number 4

This journal addresses a collection of modern security concerns that range from social media attacks and internet-connected devices to a hypothetical defense strategy for private sector entities.

Read the Journal

CSIAC Journal M&S Special Edition - M&S Applied Across Broad Spectrum Defense and Federal Endeavors

CSIAC Journal Cover Volume 7 Number 3

This Special Edition of the CSIAC Journal highlights a broad array of modeling and simulation contributions – whether in training, testing, experimentation, research, engineering, or other endeavors.

Read the Journal

CSIAC Journal - Resilient Industrial Control Systems (ICS) & Cyber Physical Systems (CPS)

CSIAC Journal Cover Volume 7 Number 2

This edition of the CSIAC Journal focuses on the topic of cybersecurity of Cyber-Physical Systems (CPS), particularly those that make up Critical Infrastructure (CI).

Read the Journal

Recent Video Podcasts

  • Defense Modeling and Simulation (M&S) Catalog: Art of the Possible Series: CSIAC Webinars
  • Explore the Innovare Advancement Center-Part 1 Series: Innovare Advancement Center & The CSIAC Podcast
  • Cybersecurity Maturity Model Certification (CMMC): The Road to Compliance Series: The CSIAC Podcast
  • Deep Learning for Radio Frequency Target Classification Series: CSIAC Webinars
  • A Brief Side-by-Side Comparison Between C++ and Rust – Part 3 Series: Programming Language Comparisons
View all Podcasts

Upcoming Events

Thu 29

Data Connectors Phoenix Virtual Cybersecurity Summit

April 29
Organizer: Data Connectors
636-778-9495
May 17

SANS Purple Team Summit & Training 2021

May 17 - May 28
Organizer: SANS Institute
May 27

DockerCon LIVE 2021

May 27 @ 06:00 - 14:00 EDT
May 28

LayerOne 2021

May 28 - May 30
Oct 18

IEEE Secure Development Conference

October 18 - October 21
Organizer: Institute of Electrical and Electronics Engineers (IEEE)
View all Events

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
US Department of Defense Logo USD(R&E) Logo DTIC Logo DoD IACs Logo

Copyright 2012-2021, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information
Accessibility / Section 508 | FOIA | Link Disclaimer | No Fear Act | Policy Memoranda | Privacy, Security & Copyright | Recovery Act | USA.Gov

This website uses cookies to provide our services and to improve your experience. By using this site, you consent to the use of our cookies. To read more about the use of our site, please click "Read More". Otherwise, click "Dismiss" to hide this notice. Dismiss Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT