Replies

US Department of Homeland Security CISA Cyber + Infrastructure
Industrial Control Systems Frequently Asked Questions
Frequently Asked Questions
What is the CISA ICS mission?

The Cybersecurity and Infrastructure Security Agency (CISA) includes a mission to promote a cohesive effort between government and industry to improve the cyber security posture of industrial control systems (ICS) within the nation’s critical infrastructure. CISA assists control systems vendors and asset owners/operators to identify security vulnerabilities and develop sound mitigation strategies that strengthen their ICS cyber security posture and reduce risk.

What are the US critical infrastructure sectors?

Presidential Policy Directive 21 (PPD-21), National Infrastructure Protection Plan (NIPP), and federal policies identified and categorized U.S. critical infrastructure into the following 16 critical infrastructure sectors:

Chemical
Commercial Facilities
Communications
Critical Manufacturing
Dams
Defense Industrial Base
Emergency Services
Energy
Financial Services
Food and Agriculture
Government Facilities
Healthcare and Public Health
Information Technology
Nuclear Reactors, Materials, and Waste
Transportation Systems
Water and Wastewater Systems
How does the CISA ICS team coordinate work with other government stakeholders?

The original ICS team established the Control Systems Security Working Group (CSSWG), which provides a forum for federal stakeholders through which the federal government can communicate and coordinate its efforts to improve control systems cyber security in critical infrastructure. These efforts foster interaction and collaboration between and among federal departments and agencies regarding control systems cyber security initiatives.

The CSSWG teams individuals from various federal departments and agencies who have roles and responsibilities involved with securing industrial control systems within US critical infrastructure. Because many cyber security challenges are similar from sector to sector, this collaborative effort benefits the nation by promoting and leveraging existing work and maximizing efficient resource use.

Who are CISA’s partners?

CISA exchanges information across the global cyber security community to improve the security of the Nation’s critical infrastructure and the systems and assets on which Americans depend. Partners with which CISA may share anonymized information include U.S. federal agencies, private sector organizations, the research community, SLTT governments, and international entities.

What other services does CISA offer?

CISA stakeholders include the Federal Government; state, local, tribal, and territorial (SLTT) governments; the private sector; and international partners.

What types of informational products does CISA offer? How do I sign up to receive these products?
CISA shares timely, actionable information to the broadest extent possible.

Subscriptions are available to all users for:

Advisories, containing a summary current security issues, vulnerabilities, and exploits.
Alerts, of provides timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks.
To receive one or more CISA products via email, visit our Mailing Lists and Feeds webpage.

CISA also co-sponsors the NVD—the U.S. Government’s repository of standards-based vulnerability management data.