As America’s cyber defense agency and the national coordinator for critical infrastructure resiliency and security, CISA leads the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. This means supporting critical infrastructure owners and operators as they build up their defenses and their recovery plans, with the goal of preventing – and when necessary, mitigating – cyber and physical attacks.
Preparedness and planning are the best tools for preventing a cyber incident and CISA focuses most of its efforts on this. We work hard to help organizations prepare in the time frame we call “left of boom.” The preparation we do in advance can make all the difference not only by preventing cyber-attacks but also by lessening the impact of the boom if it comes. Because as we all know, no defense plan can be one hundred percent effective and cyber-attacks that affect infrastructure do happen. So, what does CISA do after an attack, right of boom?
As the Director for CISA’s Region 3, I met this month with FEMA Region 3 Regional Administrator MaryAnn Tierney and representatives of the emergency management agencies of each of the states and district within region 3 to talk about how CISA can help in the event of a consequential cyber-attack.
Together with Cybersecurity Advisors Arielle Baine, Ashley Jones and Rahul Mittal, as well as Protective Security Advisor Dan Genua, we explained to the representatives from Pennsylvania, Delaware, Maryland, Virginia, West Virginia and the District of Columbia that while much of CISA’s efforts go toward preventing attacks, CISA experts are also available to assist after an entity has been the target of an attack, providing information to help manage the consequences of cyber incidents and prevent further spread.
To us, it is of the utmost importance that we encourage deep and unfettered collaboration between companies and with the federal government, all to ensure that, collectively, we move faster than our adversaries. As an agency with partnership built into its DNA, CISA has strong, effective relationships with other state, local and federal agencies in the region, as well as with private sector entities.
When a consequential cyber incident occurs, CISA immediately connects with its counterparts at the FBI, other federal partners, local law enforcement agencies and with relevant state government departments.
While the FBI and, potentially, other law enforcement agencies lead the investigation into the crime and pursue the criminals responsible, CISA experts team up with the affected entity to collect as much information as possible about the tactics, techniques and procedures used by the attacker. They use this information to advise the entity on how to best protect their assets, mitigate vulnerabilities, and reduce the impact of the incident on their critical functions. They also use this information to advise the broader community on steps they can take to prevent other similar attacks.
CISA works closely with FEMA on prevention and response actions in areas of physical and cyber security, as well as during major incidents via Emergency Support Functions 2 and 14. This month’s meeting provided an opportunity to sit down and talk through these processes, as well as those involved with supporting a single entity, in a straightforward and simple way, all of which resulted in identifying ways to continue to increase information sharing and building stronger relationships overall.
For more information about CISA’s role in incident response and prevention, please visit: Incident Detection, Response, and Prevention.