The Information Technology Sector is central to the nation's security, economy, and public health and safety as businesses, governments, academia, and private citizens are increasingly dependent upon Information Technology Sector functions. These virtual and distributed functions produce and provide hardware, software, and information technology systems and services, and—in collaboration with the Communications Sector—the Internet. The sector's complex and dynamic environment makes identifying threats and assessing vulnerabilities difficult and requires that these tasks be addressed in a collaborative and creative fashion.
Information Technology Sector functions are operated by a combination of entities—often owners and operators and their respective associations—that maintain and reconstitute the network, including the Internet. Although information technology infrastructure has a certain level of inherent resilience, its interdependent and interconnected structure presents challenges as well as opportunities for coordinating public and private sector preparedness and protection activities.
The Information Technology Sector-Specific Plan details how the National Infrastructure Protection Plan risk management framework is implemented within the context of the unique characteristics and risk landscape of the sector. Each Sector Risk Management Agency develops a sector-specific plan through a coordinated effort involving its public and private sector partners. The Department of Homeland Security is designated as the Sector Risk Management Agency for the Information Technology Sector.
For resources available to Information Technology Sector partners, visit the Cybersecurity and Infrastructure Security Agency's (CISA) Cybersecurity Division.
Security Tenets for Life Critical Embedded Systems
Life critical embedded systems—whether medical devices, cars that connect to the Internet, Supervisory Control and Data Acquisition (SCADA), industrial control systems (ICS), or other systems—play a crucial role in today’s world. As more and more of these systems become interconnected to the Internet of Things, the need to properly secure these systems from hackers and cyberattacks is becoming increasingly evident.
The Security Tenets for Life Critical Embedded Systems meets this need by providing basic security guidelines meant to ensure that life critical embedded systems across all industries have a common understanding of what is needed to protect human life, prevent loss or severe damage to equipment, and prevent environmental harm. The intent of this document is not to create a mandate or regulation; rather, it seeks to specify a set of prioritized, core technical principles applicable across any industry or organization with life critical embedded systems, which, if implemented, would result in a significantly more secure environment than is currently the norm for life critical embedded systems. These core technical principles offer a starting point for industry-specific consortia and government groups to consider in developing standards and norms and for system developers to use in building or updating life critical embedded systems.