A Risk-based Approach to National Cybersecurity
Authored By: Bob Kolasky, CISA Assistant Director for the National Risk Management Center
risk management
Systemic Cyber Risk Reduction
Working with government and industry partners, CISA’s National Risk Management Center is adding analytic rigor to the ability for organizations to quantify cyber risk impact for cybersecurity measures they have in place in order to develop actionable metrics, and use this information to reduce shared risk to the Nation’s security and economic security.
CISA Releases ICT Supply Chain Risk Management Task Force Year 2 Report
Today, the Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force released an annual report on its progress to advance meaningful partnerships and analysis around supply chain security and resilience.
Last Published Date: December 17, 2020
ICT SCRM Task Force Year Two Report
This report provides an update on the ICT Supply Chain Risk Management (SCRM) Task Force’s progress in Year Two to advance meaningful partnerships and analysis around supply chain security and resilience. The report summarizes the work of the Task Force’s five working groups to address challenges to information sharing, threat analysis, qualified bidder and qualified manufacturer lists, vendor assurance, and impacts of the COVID-19 pandemic on ICT supply chains.
Return to ICT Supply Chain Risk Management.
ICT SCRM Event Agenda
View the agenda for the virtual Partnership in Action: Driving Supply Chain Security event.
Return to ICT SCRM Task Force Events.
ICT SCRM Task Force Events
CISA's virtual event, Partnership in Action: Driving Supply Chain Security, will take place on December 17 from 2-4 pm ET. This event is a unique opportunity for the cybersecurity, critical infrastructure, and information security communities to learn about the Task Force’s progress, findings, and accomplishments in Year Two to further assess and manage risks associated with the global ICT supply chain.
5G Edge Vs Core
The Edge vs. Core - An Increasingly Less Pronounced Distinction in 5G Networks informs stakeholders about how edge computing increases the risks of untrusted components into 5G networks by moving core functions away from traditional network boundaries. The product is intended to provide an overview of edge computing and represents CISA’s analysis of the risks associated with installation of untrusted components into 5G infrastructures.
Port Facility Cybersecurity Risks
The Port Facility Cybersecurity Risks Infographic details how cyberattacks could impact different aspects of port operations. The risks identified in this infographic do not encompass all risks to maritime facilities and are meant to demonstrate some of the potential activities of malicious cyber actors.
Return to National Risk Management.
ICT Supply Chain Lessons Learned Covid 19
This analysis report, Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic, examines how the COVID-19 pandemic impacted the logistical supply chains of information and communication technology (ICT) companies and provides recommendations on how organizations can increase their supply chain resilience from future risks.
Physical Security Voting Locations
The Physical Security of Voting Locations and Election Facilities is a general guide with resources and four actionable steps—to Connect, Plan, Train, and Report—that election officials should consider to improve the physical security posture and enhance resilience of election operations in their jurisdiction.
Return to #Protect2020