Infrastructure Security

CISA Launches a Space Systems Critical Infrastructure Working Group

The Cybersecurity and Infrastructure Security Agency (CISA) today announced the formation of a Space Systems Critical Infrastructure Working Group, a mix of government and industry members that will identify and develop strategies to minimize risks to space systems that support the nation’s critical infrastructure. The
Last Published Date: May 13, 2021

Increase in Gun-Related Violence Emphasizes Importance of Active Shooter Preparedness

Recent increases in gun-related violence stress the need for the critical infrastructure community to prepare for an active shooter incident.  The Cybersecurity and Infrastructure Security Agency (CISA) provides a multitude of online resources and webinars that support capacity building efforts to position organizations to more effectively prepare for, mitigate the impacts of, and respond to an incident.

5G Potential Threat Vectors

CISA, in coordination with the National Security Agency, and the Office of the Director of National Intelligence, as part of the Enduring Security Framework (ESF)—a cross-sector, public-private working group—released a Potential Threat Vectors to 5G Infrastructure paper. This paper identifies and assesses risks and vulnerabilities introduced by 5G.

CISA Administrative Subpoena

The Cybersecurity and Infrastructure Security Agency (CISA) works around the clock to identify and mitigate cybersecurity vulnerabilities in the digital systems that underpin much of our nation’s critical infrastructure. A key element of these efforts includes notifying critical infrastructure entities of vulnerabilities in their systems. However, at times CISA analysts identify or receive information about vulnerable systems, but cannot determine contact information for the owners or operators of the systems.

Software Supply Chain Attacks

The Defending Against Software Supply Chain Attacks, released by CISA and the National Institute of Standards and Technology (NIST), provides an overview of software supply chain risks and recommendations on how software customers and vendors can use the NIST Cyber Supply Chain Risk Management (C-SCRM) Framework and the Secure Software Development Framework (SSDF) to identify, assess, and mitigate software supply chain risks.