The Department of Homeland Security (DHS) employs a risk-informed, all-hazards approach to safeguarding critical infrastructure in cyberspace that emphasizes protections for privacy and civil liberties, transparent and accessible security processes, and domestic and international partnerships that further collective action.
DHS coordinates with sector specific agencies, other federal agencies, and private sector partners to share information on and analysis of cyber threats and vulnerabilities and to understand more fully the interdependency of infrastructure systems nationwide. This collective approach to prevent, protect against, mitigate, respond to, investigate, and recover from cyber incidents prioritizes understanding and meeting the needs of our partners, and is consistent with the growing recognition among corporate leaders that cyber and physical security are interdependent and must be core aspects of their risk management strategies.
CISA Central's mission is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation's flagship cyber defense, incident response, and operational integration center. Since 2009, CISA Central has served as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating out 24/7 situational awareness, analysis, and incident response center.
CISA Central shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situation awareness of vulnerabilities. intrusions, incidents, mitigation, and recovery actions.
CISA Central ICs works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. Cybersecurity and infrastructure protection experts from CISA Central ICS provide assistance to owners and operators of critical systems by responding to incidents and restoring services, and analyzing potentially broader cyber or physical impacts to critical infrastructure. Additionally, CISA Central collaborates with international and private sector Computer Emergency Response Team (CERTs) to share control system-related security incidents and mitigation measures.
Critical Infrastructure Cyber Community Voluntary Program (C³VP)
Because cybersecurity and physical security are increasingly interconnected, DHS has partnered with the critical infrastructure community to establish a voluntary program to encourage use of the Framework for Improving Critical Infrastructure Cybersecurity to strengthen critical infrastructure cybersecurity. The Critical Infrastructure Cyber Community C³ (pronounced “C Cubed”) Voluntary Program is the coordination point within the federal government for critical infrastructure owners and operators interested in improving their cyber risk management processes. The C³ Voluntary Program aims to support industry in increasing its cyber resilience; increase awareness and use of the Framework for Improving Critical Infrastructure Cybersecurity; and encourage organizations to manage cybersecurity as part of an all hazards approach to enterprise risk management.
National Infrastructure Coordinating Center
The National Infrastructure Coordinating Center (NICC), which is part of the DHS National Operations Center, is the dedicated 24/7 coordination and information sharing operations center that maintains situational awareness of the nation’s critical infrastructure for the federal government. When an incident or event affecting critical infrastructure occurs and requires coordination between DHS and the owners and operators of our Nation’s critical infrastructure, the NICC serves as that information sharing hub to support the security and resilience of these vital assets. The NICC and the NCCIC share cyber and physical security information to enhance the efficiency and effectiveness of the U.S. government’s work to secure critical infrastructure and make it more resilient.