Cost of a Cyber Incident: Systematic Review and Cross-Validation

Cost of a Cyber Incident: Systematic Review and Cross-Validation.  In order to support stakeholders with understanding the impacts, costs, and losses from cyber incidents, CISA has cleared for release this October 2020 study.  The objectives of the study are to enable cyber risk analysis, understand the benefits of cybersecurity investments, and inform cybersecurity resource allocation decisions.  To achieve these objectives CISA’s study reviews cost and loss estimates for a wide range of incidents.  While the data analyzed in CISA’s Cost Study can inform the order of magnitude of the potential costs associated with more recent events such as the SolarWinds compromise and Microsoft Exchange server exploit, the impacts associated with these events are not included in the study.

CISA 2020 Year in Review

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand and manage cyber and physical risk to our critical infrastructure. Our 2020 Year in Review displays key examples of CISA’s work to carry out its mission in 2020, including milestones and accomplishments as the Agency advanced strategic priorities to maintain a secure and resilient infrastructure for the nation.   

Supply Chain Integrity Month

April is National Supply Chain Integrity Month. In partnership with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners, CISA is promoting a call to action for a unified effort by organizations across the country to strengthen global supply chains.

CISA, NASCAR, Talladega Superspeedway and Local Partners Conduct Joint Exercise to Keep GEICO 500 Fans Safe

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), NASCAR, the Talladega Superspeedway, state and local first responders, law enforcement officials, and local businesses held a tabletop exercise today to test response plans around hypothetical public safety incidents on the day of the GEICO 500.
Last Published Date: March 30, 2021

SolarWinds and AD-M365 Compromise Risk Decisions for Leaders

Since December 2020, CISA has been responding to a significant cybersecurity incident in which an advanced persistent threat (APT) actor gained initial access to enterprise networks of U.S. government agencies, critical infrastructure entities, and private sector organizations. The APT actor only targeted a select group of organizations affected by the SolarWinds Orion compromise for follow-on network exploitation.

CISA Announces Transfer of the .gov Top-level Domain from U.S. General Services Administration

The Cybersecurity and Infrastructure Security Agency (CISA) announced today it will begin overseeing the .gov top-level domain (TLD) in April 2021. CISA is working closely with the U.S. General Services Administration, who currently oversees the TLD, to ensure a seamless transition of daily operations for .gov customers.
Last Published Date: March 8, 2021

University of Texas at San Antonio Receives CISA Grant to Develop Pilot Program for State, Local, Tribal and Territorial Governments

The Cybersecurity and Infrastructure Security Agency (CISA) has awarded the Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio (UTSA) a $1.2 million grant to conduct a pilot program to help state, local, tribal and territorial governments identify high value assets (HVA) in order to prioritize resources and planning. The pilot will aid these governments in establishing an HVA program that aligns with the federal government’s while maintaining the flexibility needed to incorporate their individual needs.
Last Published Date: March 8, 2021