Critical infrastructure entities may receive a communication from CISA indicating that CISA has obtained their information pursuant to a subpoena, and that a vulnerability is present on their network.
CISA has restrictions on sharing non-public information obtained through administrative subpoenas. CISA only shares non-public information obtained through administrative subpoenas.
The CISA Privacy Office periodically audits records of active and completed administrative subpoenas to verify that these administrative subpoenas are maintained and disposed of in accordance with the handling and disposition requirements from the law and procedure.
Subpoenas are legal orders that compel the recipient to take certain actions. Administrative subpoenas are issued by federal agencies, rather than by judges or grand juries. CISA is authorized by law to issue administrative subpoenas for the narrow purpose of identifying and notifying the owners and operators of internet-connected systems with specific security vulnerabilities.
Employee Vigilance Through the Power of Hello Translated into 12 Asian American and Pacific Islander Languages
Author: Susan Schneider, Cybersecurity and Infrastructure Security Agency
On May 12, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity to support our nation’s cybersecurity and protect the critical infrastructure and Federal Government networks underlying our nation’s economy and way of life.
The Cybersecurity and Infrastructure Security Agency (CISA) today announced the formation of a Space Systems Critical Infrastructure Working Group, a mix of government and industry members that will identify and develop strategies to minimize risks to space systems that support the nation’s critical infrastructure. The
Last Published Date: May 13, 2021
In celebration of National Superhero Day, the Cybersecurity and Infrastructure Security Agency (CISA) is releasing its second graphic novel in the Resilience Series to educate the public on the dangers and risks associated with dis- and misinformation campaigns.
Last Published Date: April 28, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) works around the clock to identify and mitigate cybersecurity vulnerabilities in the digital systems that underpin much of our nation’s critical infrastructure. A key element of these efforts includes notifying critical infrastructure entities of vulnerabilities in their systems. However, at times CISA analysts identify or receive information about vulnerable systems, but cannot determine contact information for the owners or operators of the systems.
All CISA administrative subpoenas will be signed with a cryptographic digital signature by an authorized CISA representative.