CISA – Cyber Security and Infrastructure Security Agency

James L. Feldkamp

April 28, 2023

Jim Feldkamp

CISA focuses on cyber security and infrastructure resilience. This includes protecting technology assets that enable businesses and governments to operate.

Cyber threats can be physical and cyber, so it’s important to consider both when developing your security strategy. CISA works to prevent attacks and minimize the damage of malware infiltration by providing cyber situational awareness training and incident response services.

Emergency Services Sector

The Emergency Services Sector (ESS) is an essential infrastructure for saving lives, protecting property and the environment, and assisting in recovery following an incident. Its operations are the first line of defense for nearly all critical infrastructure sectors, and any failure or disruption would devastate the American people.

The ESS comprises multiple responder disciplines and subsectors, each of which has itsunique responsibilities and capabilities. These include law enforcement, fire and rescue, emergency medical services (EMS), emergency management, and public works.

These responder disciplines/subsectors are comprised of paid and volunteer personnel that perform the core functions of their discipline. In addition to the primary response disciplines, specialized personnel and teams provide additional capabilities as needed.

Cyber security is a significant threat to the ESS as information networks and technology resources increasingly rely on a data-driven environment. This vulnerability makes the ESS susceptible to various attacks, which continue to increase in frequency and severity.

Electric Grid

The electric grid is one of the most critical aspects of our country’s infrastructure. It provides electricity to our homes, businesses, and transportation systems.

Cybersecurity is an important part of the cybersecurity and infrastructure security agency efforts to protect this critical infrastructure. Utilities and their employees are responsible for ensuring their electrical networks are secure.

Regardless of their size, utilities must invest in cybersecurity to respond quickly to threats that could impact their ability to deliver customer service. This will require continuous investment in software and hardware, personnel, training, and risk assessment.

Several threats can impact the US electric grid, including cybersecurity attacks by countries, criminal gangs, hackers, physical attacks by terrorists (domestic or foreign) and vandals, and EMPs generated by geomagnetic solar flares. These complex threats require coordinated planning and a strong law enforcement response.

Healthcare Sector

Cyber threats increase as healthcare facilities evolve to meet new needs for treatment, patient care, and resiliency. For example, malware such as ransomware and viruses can threaten patients’ privacy, compromise their medical records and disrupt critical operations.

To combat these risks, hospitals and health systems have implemented important security steps to safeguard clinical technologies and information systems. These efforts include implementing recognized cybersecurity best practices and enhancing their cyber resilience.

The Healthcare Sector Coordinating Council (HSCC) collaborates with the Department of Health and Human Services, other federal agencies, and the private sector on risk mitigation to ensure healthcare remains safe, secure and accessible. Its primary outputs include risk assessment, recommendations, best practices and guidance for enterprise cybersecurity improvements, and advice to government partners on policy and regulatory solutions that mitigate cyber threats to the healthcare sector.

While many hospital and health system leaders recognize that healthcare data and technology are highly sensitive, they often lack the resources to implement advanced cybersecurity postures and standards. As such, AHA strongly supports developing and promoting voluntary cybersecurity guidelines, as defined by NIST and the HIPAA Cybersecurity Protection Program (HICP).

Transportation Sector

The Transportation Sector moves millions of people and goods across the country and abroad. CISA works to secure this infrastructure so the nation can continue operating safely and effectively.

The Transportation sector is an important industry for investors and consumers because it provides a variety of services, such as the transportation of food and consumer goods. It also produces many jobs and helps support the economy.

However, it is a cyclical sector and can be affected by oil prices. This makes it difficult to predict its performance during recessions.

To protect against cyber threats, the Transportation sector needs to implement security measures integrated into its safety framework. This will help it comply with new federal cybersecurity initiatives.