Tag: CISA

Trump Administration Launches First Cybersecurity Principles for Space Technologies


The Trump Administration announced the first comprehensive cybersecurity policy for systems used in outer space and near space on Friday.

Space Policy Directive- 5 (SPD-5) makes clear the lead role the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have in in enhancing the nation’s cyber defenses in space, notably on key systems used for global communications, navigation, weather monitoring, and other critical services.

“From establishing CISA in 2018 to today’s directive to protect American interests on the final frontier, President Trump is empowering the Department of Homeland Security to defend the nation against ever-evolving cyber threats,” said Acting Homeland Security Secretary Chad F. Wolf. “The security of the homeland depends upon the security of our space systems, interests, and freedom of action in space. The policy unveiled today is a critical step in establishing a baseline standard for cybersecurity as America leads in space and cyberspace alike.” 

Legacy space systems, networks, and channels may be vulnerable to malicious cyber activities that can deny, degrade, or disrupt space-systems operations or even destroy a satellite with potential cascading effects into critical infrastructure sectors. 

Building security and resilience into space systems is essential to maximizing their potential and supporting the American people, economy, and homeland security enterprise.

SPD-5 establishes the following key cybersecurity principles of space systems:

  • Space systems and their supporting infrastructure including software, should be developed and operated using risk-based, cybersecurity-informed engineering;
     
  • Space systems operators should develop or integrate cybersecurity plans for space systems that include capabilities to ensure operators or automated control center systems can retain or recover positive control of space vehicles, and verify the integrity, confidentiality, and availability of critical functions and the missions, services, and data they provide;
     
  • Space system cybersecurity requirements and regulations should leverage widely-adopted best practices and norms of behavior;
     
  • Space system owners and operators should collaborate to promote the development of best practices and mitigations to the extent permitted by law and regulation; and,
     
  • Space systems security requirements should be designed to be effective while allowing space operators to manage appropriate risk tolerances and minimize undue burden to civil, commercial, and other non-government space system operators.

“The Department of Homeland Security looks forward to continue to work with its partner agencies to implement these principles to help protect the American people,” Acting Secretary Wolf concluded.

For more information regarding the provisions, please visit: https://www.whitehouse.gov/wp-content/uploads/2020/09/2020SPD5.mem_.pdf

Blogs to Follow:

DHS.gov (September 2020)  Trump Administration Launches First Cybersecurity Principles for Space Technologies

CISA Releases Guide for America’s Election Administrators


Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal.

As a result, the Cybersecurity and Infrastructure Security Agency (CISA) released the Guide to Vulnerability Reporting for America’s Election Administrators. The guide walks election officials through the steps of establishing a vulnerability disclosure program. 

Vulnerability disclosures can be an effective way for organizations to benefit from cybersecurity expertise without having it resident to their organization.  

CISA released two new assessments and infographics on Election Infrastructure Cyber Risk and Mail-in Voting in 2020 Infrastructure Risk.

Each method of voting carries risk that you, as election officials, manage.

These assessments and infographics are voluntary resources intended to help the Federal Government and election officials understand and manage risks to election infrastructure and operations.

“Election officials have spent years beefing up security to their systems and closing these vulnerability gaps to keep our elections safe and secure,” said CISA Director Christopher Krebs. “Cybersecurity researchers can be great and responsible partners in this effort and we are creating this guide as a way to help state and local election officials understand the support they can offer and how to work with them in our collective, whole of nation effort to protect our elections.”  

The guide aims to help election officials understand the role that the cybersecurity research community can play in helping officials keep systems secure so that the American public’s voice can be clearly heard.

The guide includes a number of best practices for improving and addressing vulnerabilities within election systems, and offers a step-by-step guide for election administrators who seek to establish a successful vulnerability disclosure program.  

Accordingly, an electoral process that is both secure and resilient is a vital national interest and one of CISA’s highest priorities.

CISA is committed to working collaboratively with those on the front lines of elections—state and local governments, election officials, federal partners, and vendors—to manage risks to the Nation’s election infrastructure. CISA will remain transparent and agile in its vigorous efforts to secure America’s election infrastructure from new and evolving threats.

While ultimate responsibility for administering the Nation’s elections rests with state and local governments, CISA offers a variety of free services to help states ensure both the physical security and cybersecurity of their elections infrastructure.

Additionally, election infrastructure’s critical infrastructure designation enables CISA to provide services on a prioritized basis at the request of state and local elections officials.

Blogs to Follow:

CISA.gov (August 2020) CISA RELEASES GUIDE TO VULNERABILITY REPORTING FOR AMERICA’S ELECTION ADMINISTRATORS; ELECTION INFRASTRUCTURE SECURITY