What/Who is Cisa?
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within the Department of Homeland Security (DHS), establishing the Cybersecurity and Infrastructure Security Agency (CISA). CISA is a successor agency to NPPD and assists both other government agencies and private sector organizations in addressing infrastructure and cybersecurity issues.
IRPT works closely with CISA to inform the inland river industry of available training courses offered by CISA, current potential threats to infrastructure and/or cyber that could adversely impact industry, and free services CISA provides that are available to industry.
CISA subcomponents include the:
- Cybersecurity Division
- Infrastructure Security Division
- Emergency Communications Division
- National Risk Management Center
- Integrated Operations Division
- Stakeholder Engagement Division
- National Emergency Technology Guard (inactive, but can be activated by the director of CISA)
Responding to, recovering from, and rebuilding after a physical or cyber incident can have a catastrophic impact on the daily operations of a business, yet businesses of all sizes struggle with the challenges of investment prioritization. Security not only safeguards business operations, but also enhances employee safety and a positive work culture, as well as…Read More
Partners, In recent months, various major cyber incidents have had an impact on our critical infrastructure community and caused downstream consequences to Americans that rely on it for everyday functions. The federal government, SLTT governments, and the private sector work tirelessly to strengthen our defensive posture, but none of us can do it alone. Today,…Read More
Cyber actors continue to exploit publicly known-and often dated-software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system. Today, CISA, the Australian Cyber Security Centre (ACSC),…Read More
CISA/NSA/FBI: U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity
As today’s announcement from the White House indicates, the cyber threat from the People’s Republic of China (PRC) continues to evolve and poses a real risk to the nation’s critical infrastructure, as well as businesses and organizations of all sizes at home and around the world. The Cybersecurity and Infrastructure Security Agency (CISA), in…Read More
To raise awareness of the risks to-and improve the cyber protection of-critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS: Joint Cybersecurity Advisory 2011 Gas…Read More
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Importance: High CISA and the FBI continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below. Contact Kaseya at email@example.com with…Read More
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have released Joint Cybersecurity Advisory (CSA): Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. The CSA provides details on the campaign, which is being…Read More
The Office for Bombing Prevention (OBP) Virtual Instructor-Led Training (VILT) July Course Schedule has been published. If you feel that your state would benefit from this type of awareness training, please feel free to distribute. The Cybersecurity and Infrastructure Security Agency (CISA), Office for Bombing Prevention (OBP) and the Center for Domestic Preparedness have…Read More
Critical Infrastructure Partners, With every headline in the news, we are reminded about the increasing threat, both in number and size, that ransomware incidents have on critical infrastructure in the United States and across the globe. The President has made strengthening our nation’s resilience from cyberattacks – against both the private and public sectors…Read More
Critical Infrastructure Colleagues and Partners, CISA is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. This vulnerability was discussed on the May 27 CISA weekly SOC call. Although patches were made available on May 25,…Read More