1、iCISA GlobalCISA GLOBALFEBRUARY 2021iCISA GlobalThere are moments in the history of our Nation when Congress and the President deem it necessary to create a new executive agency to serve the American people.The establishment of the Department of Homeland Security(DHS)itself was one of these moments.
2、Sixteen years later,in November 2018,we recognized that there must be a single organization to lead the national effort to protect our critical infrastructure.Today,that agency is the Cybersecurity and Infrastructure Security Agency(CISA),“the Nations Risk Advisor.”CISA achieves its core mission of
3、leading cybersecurity and infrastructure security programs,operations,and policy through its key mission areas:cybersecurity,infrastructure security,and emergency communications.As threats to these missions are increasingly global and interconnected,the solutions we pursue to address these risks mus
4、t often reflect a world-wide approach.Cybersecurity has become a core component of homeland security.CISA carries out its cybersecurity mission by:(1)leading Federal Government efforts to secure networks of federal civilian executive agencies;(2)working with the public,private sector,and internation
5、al partners to enhance critical infrastructure cybersecurity and resilience;(3)responding to significant cyber incidents;and(4)strengthening the security,privacy,and reliability of the global cyber ecosystem.Promoting robust international collaboration is instrumental to accomplishing the Department
6、s cybersecurity objectives as threats in cyberspace are not constrained by borders.Similarly,U.S.critical infrastructure is increasingly interconnected and dependent on global infrastructure,supply chain,and systems whose cybersecurity practices and maturity can vary widely.Emergency communications
7、mechanisms also have an international nexus,with U.S.systems including and depending on elements and arrangements that cross our borders.Therefore,other nations and international organizations are key partners across our efforts.Appropriately and securely sharing threat information,mitigation advice
8、,and best practices with international partners not only reinforces good cyber hygiene,but also bolsters the resiliency within our respective systems and critical infrastructure,which in turn,foster a safer cyber-physical ecosystem for all.As CISA strives to expand its global partnerships,we must en
9、sure that our international engagement and related operations reflect broader U.S.national security,economic,and foreign policy goals to effectively identify and implement our cyber and infrastructure security objectives.To achieve this,our priority international efforts will focus on executing and
10、advancing the CISA Directors operational priorities that span across CISAs goals and objectives.CISA Global outlines our approach to how CISA will work with international partners to fulfill our responsibilities,execute our work,and create unity of effort within our mission areas.This strategy prese
11、nts the global vision and international operational priorities of the CISA Director,consistent with CISAs international authorities as outlined in the Homeland Security Act of 2002;Department of Homeland Securitys Strategic Plan for FY 2020-2024;EO 13800 Report,DHS International Cybersecurity Priori
12、ties;and the CISA Strategic Intent.This overarching strategy provides an approach for how CISA will execute its responsibilities and serves as a reference point to guide our work and create unity of effort.Brandon Wales Acting DirectoriiCISA GlobalCISA AT A GLANCEWHO WE AREPARTNERSHIP DEVELOPMENTINF
13、ORMATION AND DATA SHARINGCAPACITY BUILDINGINCIDENT MANAGEMENT&RESPONSERISK ASSESSMENT AND ANALYSISNETWORK DEFENSEEMERGENCY COMMUNICATIONSThe Director has five specific operational areas of focus that,in some cases,span across several goals and objectives.DIRECTORS OPERATIONAL PRIORITIES1CHINA,SUPPLY
14、 CHAIN,AND 5G 2ELECTION SECURITYINDUSTRIAL CONTROL SYSTEMS5SOFT TARGET SECURITY34FEDERAL CYBERSECURITYCISA works with partners across government and industry to defend todays threats and collaborates to build more secure and resilient infrastructure for the future.iiiCISA GlobalWE ARE THE NATIONS RI
15、SK ADVISORThe Cybersecurity and Infrastructure Security Agency(CISA)is the pinnacle of national risk management for cyber and physical infrastructure.1CISA GlobalMISSIONVISIONEnhance our national security and resilience by working with international partners to strengthen the security of the cyber e
16、cosystem;increase the resiliency of critical infrastructure;and address urgent threats and manage risks that are critical to U.S.interests.A more open,interoperable,reliable,and secure interconnected world that fosters a global operational and policy environment where government and industry securit
17、y professionals and risk managers can collectively stop threats and address risks to critical infrastructure while engaging with stakeholders and building capacity.CISA seeks to promote best practices in security and resilience measures across all critical infrastructure sectors and to promote globa
18、l communications infrastructure assets and systems,including internet connectivity that is open,interoperable,reliable,and secure.In todays globally and interconnected world,we confront a wide array of serious risks and threats to our critical infrastructure,systems,assets,functions,and citizens.Sta
19、te and non-state actor adversaries and competitors seek to advance their objectives through a variety of tactics,including subtle actions that significantly weaken the foundations of U.S.power,degrade societal functions,undermine trust in institutions,and increase adversaries ability to exploit vuln
20、erabilities and undermine the functions of critical infrastructure.Extreme weather events,natural hazards,terrorism,and hostile state actors are among the threats to critical functions,the“systems of systems,”and systemic risks that can have global,cascading effects.As networked devices are further
21、integrated into lives and businesses,their vulnerabilities provide additional attack vectors for nation-states and foreign adversaries.For example,global supply chains face risks from malicious activity to software and hardware,disruptions from physical attacks or natural events,and manipulation for
22、 political and economic purposes;aging,outdated,and under-resourced infrastructures may not sustain a confrontation to the system;emergency communication between first responders and decision-makers may be at risk from disruption or lack of interoperability and localized incidents may create a short
23、age of items that are critical dependencies for partner nations.Many of these risks are complex and are dispersed both geographically and across a variety of stakeholders.CISA is uniquely equipped to serve as the central coordinator for information sharing,analysis,planning,and response,while workin
24、g in concert with like-minded international partners.As the national Computer Security Incident Response Team(CSIRT)of the U.S.Government sometimes colloquially referred to as the national Computer Emergency Readiness or Response Team(CERT).CISA works alongside the global community of CSIRTs to serv
25、e as the“first responders of the cyber world.”As part of this community,CISA leverages its network and partnerships to enhance the security and resilience of global cybersecurity which helps protect foreign partners,the private sector,and individuals from hostile actors by sharing information,exchan
26、ging best practices,and heightening awareness among our stakeholders and the general public.A GLOBAL VISION2CISA GlobalWHAT IS A CSIRT?How CISA addresses cyber/physical/comms/hybrid threats and risksCISA also has a unique role in engaging with the global community of Computer Security Incident Respo
27、nse Teams(CSIRT)and is the national CSIRT of the U.S.Government.A CSIRT is a concrete organizational entity(i.e.,one or more staff)that is assigned the responsibility of providing incident management capability for an organization.When a CSIRT exists in an organization,it is generally the focal poin
28、t for coordinating and supporting incident response.DHS has regular engagement with national-level CSIRTs.A“CSIRT with national responsibility”is that which has been designated by a country or economy to have specific responsibilities in cyber protection or incident response,usually to support natio
29、nal security goals and address government networks and/or critical infrastructure.National CSIRTs must be specifically recognized as such by the government for which they operate.CSIRTs serve as the“first responders”of the cyber world,protecting governments,companies,and individuals from attackers,s
30、haring best practices,and improving awareness among their cybersecurity counterparts,governments,the private sector,and the general public.Historically,this technical community focused on network protection or computer network defense and relied on a culture of technical cooperation in any circumsta
31、nce.This has enabled CSIRTs to cooperate regardless of political issues and maintain a singular focus on incident response and mitigation.Furthermore,in todays interdependent and interconnected world,the safety and security ofcritical infrastructurerequires the concerted efforts of public and privat
32、e partners around the globe.CISAs focus on infrastructure security includes addressing bombing security,chemical security,soft target security,and insider threat mitigation.Consistent with CISAs statutory authorities,CISAcollaborates with international partnersto enhance and promote cross-border and
33、 global critical infrastructure security and resilience through information sharing so we can all benefit from the exchange of best practices,expertise,and lessons learned.With these critical mission sets,CISA must do more to address todays complex challenges and to prepare for future threats.CISA c
34、an leverage its global network to strengthen partner capacity and to build a better,collective practice posture and response to urgent threats that are particularly critical to U.S.national security interests.CISA is committed to promoting an open,interoperable,reliable and secure interconnected wor
35、ld within a global,operational and policy environment where network defenders and risk managers can collectively prevent and mitigate threats to critical infrastructure.We invite our global partners to join us in the fight to secure today and to defend tomorrow.3CISA GlobalCISAS VISION FOR INTERNATI
36、ONAL PARTNERSCISA protects U.S.critical infrastructure from todays threats,while also focusing on tomorrows emerging risks.As the national lead for protecting and enhancing the security and resilience of the Nations federal civilian cyber systems and critical infrastructure,CISA adopts a risk manage
37、ment approach that reduces systemic vulnerabilities across the Nation to collectively increase our protective and defensive posture against malicious cyber activity,hybrid threats,terrorism and targeted violence,and the full range of infrastructure security risks.CISA works with public and private s
38、ector entities to ensure owners,operators,and stakeholders are informed and well-equipped to make risk management decisions about their systems and assets.DHS and CISAs international priorities are driven by its unique homeland security mission.International partnerships are therefore best seen as a
39、 fundamental element of mission execution for components with cybersecurity and critical infrastructure responsibilities.In this context,CISA would like to build,sustain,and advance international partnerships to:Strategically cultivate international support for CISAs objectives,priorities,and core f
40、unctions,as well as broader DHS and U.S.national security goals;Increase awareness of and guide global strategic communication on vulnerabilities and risks to cybersecurity,infrastructure security,and emergency communications;Facilitate information sharing to help prevent,mitigate,and manage cyber a
41、nd physical risks to enhance the security and resiliency of critical infrastructure;supply chains;and the global cyber ecosystem;Bolster operational capacity and address identified capability gaps and technological and information requirements;Share expertise and best practices to build and strength
42、en network protection,risk management,and incident response capacity;Manage systemic risks to help maintain international stability;and Broadly shape the evolving cyber ecosystem to support its overall cybersecurity mission.4CISA GlobalCISA will focus its engagement with the global community through
43、 four lines of effort that both coincide with our approach to international partnerships and align with broader strategic goals:(1)operational cooperation;(2)capacity building;(3)stakeholder engagement and outreach;and(4)shaping the policy environment.Core to each of these lines of effort is informa
44、tion sharing.Appropriate and secured information sharing is a critical part of CISAs international collaborative activities.CISA utilizes key programs,such as Automated Indicator Sharing(AIS)and the Homeland Security Information Network(HSIN),to amplify our relationships.These programs help the Unit
45、ed States and its allies protect against,identify,warn of,and respond to threats and incidents;leverage information that builds capacity of critical infrastructure owners and operators in both the public and private sectors;and maintain and secure a functioning,resilient infrastructure that is cruci
46、al to bolstering public confidence and national/economic security.LINES OF EFFORTSHAPING THE POLICY ECOSYSTEMSTAKEHOLDER ENGAGEMENT&OUTREACHOPERATIONAL COOPERATIONCAPACITY BUILDINGINFORMATION SHARING5CISA GlobalOPERATIONAL COOPERATIONGOAL 1:INCREASE SITUATIONAL AWARENESSGiven the increasing intercon
47、nectedness of our networks,the interdependencies among critical infrastructure sectors,and cross-border data flows,operational cooperation with foreign counterparts is a key tool in collaborating to prevent,detect,deter,and mitigate threats and hazards effectively.Operational cooperation,for the pur
48、poses of this document,can be defined as engagement with international partners that is characterized by mutually beneficial information sharing that informs and enhances our relationships.Through such international operational cooperation,CISA can improve its collective situational awareness,and is
49、 able foster innovative approaches for responding to and mitigating threats and hazards to critical infrastructure and cybersecurity.Developing CISAs partnerships into trusted relationships will enable critical operational information sharing that can improve communications capabilities,foster an en
50、vironment for joint operations,and support resilience efforts whether that be by sharing operational best practices,working on joint exercises,addressing threat information and related mitigation advice,or collaborating in a fashion so as to align security and defense efforts with like-minded partne
