Login
Login

Cybersecurity and Infrastructure Security Agency

{{Short description|Agency of the United States Department of Homeland Security}}

{{About|CISA|CSIAC|Cyber Security and Information Systems Information Analysis Center}}

{{Infobox government agency

| agency_name = Cybersecurity and Infrastructure Security Agency

| nativename =

| nativename_a =

| nativename_r =

| logo =

| logo_width =

| logo_caption =

| image = Cybersecurity and Infrastructure Security Agency flag.png

| type =

| seal = Seal of Cybersecurity and Infrastructure Security Agency.svg

| seal_width = 165px

| seal_caption = Seal of CISA

| image_size = 250px

| image_caption = Flag of CISA

| formed = {{start date and age|2018|11|26}}

| preceding1 = National Protection and Programs Directorate

| dissolved =

| jurisdiction = United States Federal Government

| headquarters = Washington, DC, United States

| motto = "America's Cyber Defense Agency"

| employees = 3,641 {{small|(2025)}}{{cite web |url=https://www.cisa.gov/news-events/news/cisa-hiring-hits-high-score-and-were-not-done |title=CISA Hiring Hits High Score, and We're Not Done!! |date=21 August 2023 |access-date=24 August 2023 }}

| budget = $3.0 billion {{small|(2025)}}

| chief1_name = Madhu Gottumukkala (Acting)

| chief1_position = Director{{cite web|url=https://www.dhs.gov/leadership|title=Leadership|date=September 7, 2006|publisher=US Department of Homeland Security}}

| chief2_name = Madhu Gottumukkala

| chief2_position = Deputy Director{{cite web|url=https://www.cisa.gov/about/leadership/dr-madhu-gottumukkala|title=Madhu Gottumukkala|publisher=Department of Homeland Security|date=June 4, 2025|access-date=June 4, 2025|url-status=live|archive-url=https://web.archive.org/web/20250604231410/https://www.cisa.gov/about/leadership/dr-madhu-gottumukkala |archive-date=June 4, 2025}}

| parent_department = Department of Homeland Security

| parent_agency =

| child1_agency =

| child2_agency =

| website = {{URL|cisa.gov}}

}}

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.{{Cite news |last=Cimpanu |first=Catalin |date=November 16, 2018 |title=Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency |work=ZDNet |url=https://www.zdnet.com/article/trump-signs-bill-that-creates-the-cybersecurity-and-infrastructure-security-agency/ |url-status=live |access-date=December 16, 2018 |archive-url=https://web.archive.org/web/20190219233958/https://www.zdnet.com/article/trump-signs-bill-that-creates-the-cybersecurity-and-infrastructure-security-agency/ |archive-date=February 19, 2019}} The term cyber attack covers a wide variety of actions ranging from simple probes, to defacing websites, to denial of service, to espionage and destruction.

The agency began in 2007 as the DHS National Protection and Programs Directorate.{{cite web |date=19 November 2018 |title=About CISA |url=https://www.dhs.gov/cisa/about-cisa |url-status=live |archive-url=https://web.archive.org/web/20190706160119/https://www.dhs.gov/cisa/about-cisa |archive-date=6 July 2019 |access-date=16 December 2018 |publisher=Department of Homeland Security}} {{PD-notice}} With the Cybersecurity and Infrastructure Security Agency Act of 2018, CISA's footprint grew to include roles protecting the census, managing National Special Security Events, and the U.S. response to the COVID-19 pandemic. It has also been involved in overseeing 5G network security, securing elections, and strengthening the US grid against electromagnetic pulses (EMPs).{{Cite web |title=National Risk Management Center |url=https://www.cisa.gov/about/divisions-offices/national-risk-management-center|access-date=2023-08-24 |publisher=Cybersecurity and Infrastructure Security Agency|archive-date=February 24, 2023|archive-url=https://web.archive.org/web/20230224154142/https://www.cisa.gov/about/divisions-offices/national-risk-management-center}} The Office for Bombing Prevention leads the national counter-IED effort.{{Cite web |date=2023-06-08 |title=OBP Fact Sheet|url=https://www.cisa.gov/resources-tools/resources/obp-fact-sheet |access-date=2023-08-24|publisher=Cybersecurity and Infrastructure Security Agency|language=en-US}}

Currently headquartered in Arlington, Virginia, in 2025 CISA is planning to move its headquarters along with 6,500 employees to a new 10 story, 620,000 sq ft building on the consolidated DHS St. Elizabeths campus headquarters.{{Cite web |last=Weisner |first=Molly |date=2023-08-17 |title=Homeland Security to break ground on new CISA, ICE offices |url=https://www.federaltimes.com/acquisition/gsa/2023/08/17/homeland-security-to-break-ground-on-new-cisa-ice-offices/ |access-date=2023-08-24 |website=Federal Times |language=en}}

History

The National Protection and Programs Directorate (NPPD) was formed in 2007 as a component of the United States Department of Homeland Security.{{cite web |url=https://www.dhs.gov/xabout/structure/editorial_0794.shtm |title=DHS | About the National Protection and Programs Directorate |publisher=Dhs.gov |date=2011-08-26 |access-date=2011-09-27 |archive-date=2011-09-25 |archive-url=https://web.archive.org/web/20110925073645/http://www.dhs.gov/xabout/structure/editorial_0794.shtm |url-status=live }} NPPD's goal was to advance the Department's national security mission by reducing and eliminating threats to U.S. critical physical and cyber infrastructure.

On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within DHS, establishing the Cybersecurity and Infrastructure Security Agency (CISA).{{cite web |url=https://www.dhs.gov/CISA |title=Cybersecurity and Infrastructure Security Agency |author= |website=DHS.gov |access-date=24 November 2018 |archive-date=23 November 2018 |archive-url=https://web.archive.org/web/20181123120156/https://www.dhs.gov/CISA |url-status=live }} CISA is a successor agency to NPPD, and assists both other government agencies and private sector organizations in addressing cybersecurity issues.{{Cite web|last=Ropek|first=Lucas|date=2020-07-28|title=Will CISA Be the Savior of State and Local Cybersecurity?|url=https://www.govtech.com/security/Will-CISA-Be-the-Savior-of-State-and-Local-Cybersecurity.html|access-date=2020-11-18|website=Government Technology|language=en}} Former NPPD Under-Secretary Christopher Krebs was CISA's first Director, and former Deputy Under-Secretary Matthew Travis was its first deputy director.{{Cite web |last=Johnson |first=Derek B. |date=2018-03-18 |title=NPPD taps vendor for No. 2 role |url=https://fcw.com/articles/2018/03/20/travis-nppd-deputy-cyber.aspx |url-status=live |archive-url=https://web.archive.org/web/20190930210315/https://fcw.com/articles/2018/03/20/travis-nppd-deputy-cyber.aspx |archive-date=2019-09-30 |access-date=2019-03-15 |website=Federal Computer Week |language=en}}{{Cite web |last=Rockwell |first=Mark |date=2018-12-20 |title=Standing up CISA |url=https://fcw.com/articles/2018/12/20/standing-up-cisa-rockwell.aspx |url-status=live |archive-url=https://web.archive.org/web/20190930210311/https://fcw.com/articles/2018/12/20/standing-up-cisa-rockwell.aspx |archive-date=2019-09-30 |access-date=2019-03-15 |website=Federal Computer Week |language=en}}

On January 22, 2019, CISA issued its first Emergency Directive (19-01: Mitigate DNS Infrastructure Tampering){{cite web |title=Emergency Directive 19-01 |url=https://cyber.dhs.gov/ed/19-01/ |website=cyber.dhs.gov |date=22 January 2019 |publisher=Department of Homeland Security |access-date=16 February 2019 |archive-date=3 July 2019 |archive-url=https://web.archive.org/web/20190703140320/https://cyber.dhs.gov/ed/19-01/ |url-status=live }} warning that "an active attacker is targeting government organizations" using DNS spoofing techniques to perform man-in-the-middle attacks.{{cite web |last1=Krebs |first1=Christopher |title=Why CISA issued our first Emergency Directive |url=https://cyber.dhs.gov/blog/#why-cisa-issued-our-first-emergency-directive |website=cyber.dhs.gov |publisher=Department of Homeland Security |access-date=16 February 2019 |archive-date=6 July 2019 |archive-url=https://web.archive.org/web/20190706145116/https://cyber.dhs.gov/blog/#why-cisa-issued-our-first-emergency-directive |url-status=live }} Research group FireEye stated that "initial research suggests the actor or actors responsible have a nexus to Iran."{{cite web |last1=Hirani |first1=Muks |last2=Jones |first2=Sarah |last3=Read |first3=Ben |title=Global DNS Hijacking Campaign: DNS Record Manipulation at Scale |url=https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html |website=FireEye |access-date=16 February 2019 |archive-date=25 June 2019 |archive-url=https://web.archive.org/web/20190625182736/https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html |url-status=live }}

In 2020, CISA created a website, titled Rumor Control, to rebut disinformation associated with the 2020 United States presidential election.{{Cite news|last1=Courtney|first1=Shaun|last2=Sebenius|first2=Alysa|last3=Wadhams|first3=Nick|date=2020-11-12|title=Turmoil Hits Cyber Agency Engaged in Election as Staff Leave|language=en|work=Bloomberg News|url=https://www.bloomberg.com/news/articles/2020-11-12/senior-u-s-cyber-official-involved-in-election-leaves-agency|access-date=2020-11-18}} On November 12, 2020, CISA issued a press release asserting, "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised."{{Cite web|title=Federal cybersecurity agency calls election 'most secure in American history'|url=https://www.engadget.com/cisa-2020-election-security-022224313.html|access-date=2020-11-17|website=Engadget|date=13 November 2020 |language=en}} On the same day, Director Krebs indicated that he expected to be dismissed from his post by the Trump administration.{{Cite news|last1=Geller|first1=Eric|last2=Bertrand|first2=Natasha|author-link2=Natasha Bertrand|date=2020-11-12|title=Top cyber official expecting to be fired as White House frustrations hit agency protecting elections|language=en|work=Politico|url=https://www.politico.com/news/2020/11/12/cyber-official-chris-krebs-likely-out-436342|access-date=2020-11-13}} Krebs was subsequently fired by President Trump on November 17, 2020{{Cite web |title=Trump fires head of U.S. election cybersecurity who debunked conspiracy theories |url=https://www.nbcnews.com/tech/security/trump-fires-head-u-s-election-cybersecurity-after-he-debunked-n1248063 |access-date=2022-07-01 |website=NBC News |date=18 November 2020 |language=en}} via tweet for his comments regarding the security of the election.{{Cite web|author=Kaitlan Collins and Paul LeBlanc|title=Trump fires director of Homeland Security agency who had rejected President's election conspiracy theories|url=https://www.cnn.com/2020/11/17/politics/chris-krebs-fired-by-trump/index.html|access-date=2020-11-18|website=CNN|date=18 November 2020 }} According to various reports and statistics, the scale and frequency of cyber-attacks have been steadily increasing in recent years. For example, the number of data breaches reported in 2020 alone reached a record high of 3,932, a 48% increase compared to the previous year, with over 37 billion records exposed globally, and also the average cost of a data breach in 2020 was estimated to be $3.86 million, with an average time to identify and contain a breach of 280 days.{{Cite journal |last=Riskhan |first=Basheer 1 |date=2024 |title=Physical Security to Cybersecurity (Challenges and Implications in the Modern Digital Landscape) |url=https://www.proquest.com/docview/3073676315 |journal=Physical Security to Cybersecurity (Challenges and Implications in the Modern Digital Landscape) |pages=692–702|id={{ProQuest|3073676315}} }}

File:DHS Secretary Alejandro Mayorkas Participates in CISA Swearing In Ceremony - 51369641326.jpg at CISA's current headquarters in Arlington, Virginia in 2021.]]

On July 12, 2021, the Senate confirmed Jen Easterly by a voice vote.{{Cite web|date=2021-06-16|title=PN420 - Nomination of Jen Easterly for Department of Homeland Security, 117th Congress (2021-2022)|url=https://www.congress.gov/nomination/117th-congress/420|access-date=2021-07-12|website=www.congress.gov}} Easterly's nomination had been reported favorably out of Senate Committee on Homeland Security and Governmental Affairs on June 16, but a floor vote had been reportedly held (delayed) by Senator Rick Scott over broader national security concerns, until the President or Vice President had visited the southern border with Mexico.{{Cite web|last=Miller|first=Maggie|date=2021-06-23|title=Rick Scott blocks Senate vote on top cyber nominee until Harris visits border|url=https://thehill.com/policy/cybersecurity/559936-rick-scott-blocks-senate-vote-on-top-cyber-nominee-until-harris-visits|access-date=2021-07-12|website=The Hill|language=en}} Easterly hired new staff to monitor online disinformation to enhance what she called the nation's "cognitive infrastructure" and utilized the existing rumor control website during the 2021 elections.Maggie Miller. (10 November 2021). "Cyber agency beefing up disinformation, misinformation team". [https://thehill.com/policy/cybersecurity/580990-cyber-agency-beefing-up-disinformation-misinformation-team/ The Hill website] Retrieved 18 December 2023.

In September 2022, CISA released their 2023–2025 CISA Strategic Plan, the first comprehensive strategy document since the agency was established in 2018.{{Cite web |title=Strategic Plan {{!}} CISA |url=https://www.cisa.gov/strategy |access-date=2022-09-17 |website=cisa.gov}}

Resentful over CISA continuing to contradict his false claims of election fraud, when Donald Trump returned to the presidency in 2025, he directed his administration to start dismantling CISA. The administration canceled programs that monitor foreign influence, foreign election disinformation, and foreign attempts to break into critical infrastructure like voting systems and electrical grids. It also canceled contracts for penetration testing of local election systems.{{cite news |url=https://www.nytimes.com/2025/04/05/us/politics/trump-loomer-haugh-cyberattacks-elections.html |title=Trump Weakens U.S. Cyberdefenses at a Moment of Rising Danger |author1=David E. Sanger |author2=Nick Corasaniti |date=April 5, 2025 |newspaper=The New York Times}}

Organization

File:Resilience Series 01 Real Fake.pdf from CISA about disinformation and misinformation campaigns]]

CISA divisions include the:{{Cite web |date= |title=Cybersecurity and Infrastructure Security Agency Divisions & Offices |url=https://www.cisa.gov/about/divisions-offices |access-date=26 March 2023 |language=en}}

  • Cybersecurity Division
  • National Cybersecurity and Communications Integration Center
  • Capacity Building
  • Joint Cyber Defense Collaborative
  • Mission Engineering
  • Office of the Technical Director
  • Threat Hunting
  • Vulnerability Management
  • Infrastructure Security Division
  • Bombing Prevention
  • Chemical Security
  • Exercises
  • Infrastructure Assessment & Analysis
  • School Safety
  • Strategy, Performance & Resources
  • Emergency Communications Division
  • National Risk Management Center
  • Integrated Operations Division
  • Regions 1 through 10{{Cite web |last=Cybersecurity and Infrastructure Security Agency |title=CISA Regions |url=https://www.cisa.gov/about/regions |access-date=26 March 2023}}
  • Stakeholder Engagement Division
  • Council Management
  • International
  • Sector Management
  • Strategic Relations

Programs

The Continuous Diagnostics and Mitigations program provides cybersecurity tools and services to federal agencies.{{Cite web |last=Miller |first=Jason |date=7 November 2022 |title=CISA signature federal cyber program warrants more than a passing anniversary nod |url=https://federalnewsnetwork.com/reporters-notebook-jason-miller/2022/11/cisa-signature-federal-cyber-program-warrants-more-than-a-passing-anniversary-nod/ |access-date=26 March 2023 |website=Federal News Network}}{{Cite web |last=Cybersecurity and Infrastructure Security Agency |title=Continuous Diagnostics and Mitigations Program |url=https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-program |access-date=26 March 2023}}

CISA issues "binding operational directives" that require federal government agencies to take action against specific cybersecurity risks.{{Cite web |last=Cybersecurity and Infrastructure Security Agency |title=Cybersecurity Directives |date=18 May 2022 |url=https://www.cisa.gov/news-events/directives |access-date=26 March 2023}}

In March 2021, CISA assumed control of the .gov top-level domain (TLD) from the General Services Administration. CISA manages the approval of domains and operates the TLD Domain Name System nameservers. In April 2021, CISA removed the fee for registering domains.{{Cite web |last=Cybersecurity and Infrastructure Security Agency |date=27 April 2021 |title=A new day for .gov |url=https://get.gov/posts/2021-04-27-a-new-day-for-.gov/ |access-date=26 March 2023}} In January 2023, Cloudflare received a $7.2M contract to provide DNS registry and hosting services for the TLD.{{Cite web |last=Cloudflare |date=13 January 2023 |title=Cloudflare Wins CISA Contract for Registry and Authoritative Domain Name System (DNS) Services |url=https://cloudflare.net/news/news-details/2023/Cloudflare-Wins-CISA-Contract-for-Registry-and-Authoritative-Domain-Name-System-DNS-Services/default.aspx |access-date=26 March 2023}}

CISA provides incident response services to the federal executive branch and US-based entities.

CISA manages the EINSTEIN intrusion detection system to detect malicious activity on federal government agency networks.

The National Defense Authorization Act for Fiscal Year 2021 granted CISA the authority to issue administrative subpoenas in order to identify the owners of internet connected critical infrastructure related devices with specific vulnerabilities. In 2021, CISA issued 47 subpoenas.{{Cite web |title=CY2021 ADMINISTRATIVE SUBPOENA FOR VULNERABILITY NOTIFICATION YEAR IN REVIEW |url=https://www.cisa.gov/sites/default/files/2023-01/CY2021_Admin_Subpoena_Summary_Factsheet_FINAL.pdf |access-date=2023-06-16}}

In August 2021, Easterly stated "One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important."{{Cite web |last1=Klippenstein |first1=Ken |last2=Fang |first2=Lee |date=October 31, 2022 |title=Leaked Documents Outline DHS's Plans to Police Disinformation |url=https://theintercept.com/2022/10/31/social-media-disinformation-dhs/ |access-date=2023-01-17 |website=The Intercept |language=en}}

In 2021, CISA released a report that provided guidance for how to navigate and prevent ransomware incidents. This was due to a significant jump in recent attacks related to ransomware.{{cite journal |last1=Piper |first1=D L A |date=July 2021 |title=Cybersecurity and infrastructure security agency releases guidance regarding ransomware |url=https://csu-sfsu.primo.exlibrisgroup.com/discovery/fulldisplay?docid=cdi_proquest_reports_2630356925&context=PC&vid=01CALS_SFR:01CALS_SFR&lang=en&search_scope=Everything_RAPIDO&adaptor=Primo%20Central&tab=Everything&query=any,contains,Cybersecurity%20and%20Infrastructure%20Security%20Agency&offset=0 |journal=Journal of Internet Law |volume=25 |issue=1 |pages=1–17}}

Committees

= Cybersecurity Advisory Committee =

In 2021, the Agency created the Cybersecurity Advisory Committee with the following members:{{Cite web |title=CISA Names 23 Members to New Cybersecurity Advisory Committee {{!}} CISA |url=https://www.cisa.gov/news/2021/12/01/cisa-names-23-members-new-cybersecurity-advisory-committee |access-date=2023-01-17 |website=cisa.gov|date=December 2021 }}

  • Steve Adler, Mayor, City of Austin, Texas
  • Marene Allison, Chief Information Security Officer, Johnson & Johnson
  • Lori Beer, Chief Information Officer, JPMorgan Chase
  • Robert Chesney, James A. Baker III Chair in the Rule of Law and World Affairs, University of Texas School of Law
  • Thomas Fanning, chairman, President and CEO, Southern Company
  • Vijaya Gadde
  • Patrick D. Gallagher, Chancellor, University of Pittsburgh
  • Ronald Green, Executive Vice President and Chief Security Officer, Mastercard
  • Niloofar Razi Howe, board member, Tenable
  • Kevin Mandia, chief executive officer, Mandiant
  • Jeff Moss, President, DEF CON Communications
  • Nuala O’Connor, Senior Vice President & Chief Counsel, Digital Citizenship, Walmart
  • Nicole Perlroth, Cybersecurity journalist
  • Matthew Prince, chief executive officer, Cloudflare
  • Ted Schlein, General Partner, Kleiner Perkins; and Caufield & Byers
  • Stephen Schmidt, Chief Information Security Officer, Amazon Web Services
  • Suzanne Spaulding, Senior Advisor for Homeland Security, CSIS
  • Alex Stamos, Partner, Krebs Stamos Group
  • Kate Starbird, Associate Professor, Human Centered Design & Engineering, University of Washington
  • George Stathakopoulos, Vice President of Corporate Information Security, Apple
  • Alicia Tate-Nadeau (ARNG-Ret.), Director, Illinois Emergency Management Agency
  • Nicole Wong, Principal, NWong Strategies
  • Chris Young, Executive Vice President of Business Development, Strategy, and Ventures, Microsoft

Directors

{{Main|Director of the Cybersecurity and Infrastructure Security Agency}}

class="wikitable sortable" style="text-align:center;"
rowspan=2| {{abbr|No.|Number}}

! colspan=2| Director

! colspan=3| Term

Portrait

! Name

! Took office

! Left office

! Term length

{{Officeholder table

| order = 1

| image = Chris Krebs official photo.jpg

| officeholder = Chris C. Krebs

| officeholder_sort = Krebs, Chris C.

| term_start = 16 November 2018

| term_end = 17 November 2020

| timeinoffice = {{ayd|16 November 2018|17 November 2020}}

}}

{{Officeholder table

| order = 2

| image = Director-Jen-Easterly-portrait.jpg

| officeholder = Jen M. Easterly

| officeholder_sort = Easterly, Jen M.

| term_start = 13 July 2021

| term_end = 20 January 2025

| timeinoffice = {{ayd|13 July 2021|20 January 2025}}

}}

See also

References

{{Reflist}}

External links

  • {{official website}}

{{DHS agencies}}

{{authority control}}

Category:2018 establishments in the United States

Category:Ballston, Virginia

Category:Business services companies established in 2018

Category:Computer security organizations

Category:Emergency services in the United States

Category:Government agencies established in 2018

Category:United States Department of Homeland Security agencies