TheCybersecurity and Infrastructure Security Agency (CISA) is a component of theUnited States Department of Homeland Security (DHS) responsible forcybersecurity andinfrastructure protection across all levels of government, coordinating cybersecurity programs withU.S. states, and improving the government's cybersecurity protections against private and nation-statehackers.[4] The term "cyber attack" covers a wide variety of actions ranging from simple probes, to defacing websites, to denial of service, to espionage and destruction.
Currently headquartered inArlington, Virginia, in 2025 CISA is planning to move its headquarters along with 6,500 employees to a new 10 story, 620,000 sq ft building on the consolidated DHSSt. Elizabeths campus headquarters.[8]
TheNational Protection and Programs Directorate (NPPD) was formed in 2007 as a component of theUnited States Department of Homeland Security.[9] NPPD's goal was to advance the Department'snational security mission by reducing and eliminating threats to U.S. critical physical and cyber infrastructure.
On November 16, 2018, PresidentTrump signed into law theCybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within DHS, establishing the Cybersecurity and Infrastructure Security Agency (CISA).[10] CISA is a successor agency to NPPD, and assists both other government agencies and private sector organizations in addressing cybersecurity issues.[11] Former NPPD Under-SecretaryChristopher Krebs was CISA's first Director, and former Deputy Under-SecretaryMatthew Travis was its first deputy director.[12][13]
On January 22, 2019, CISA issued its first Emergency Directive (19-01: Mitigate DNS Infrastructure Tampering)[14] warning that "an active attacker is targeting government organizations" usingDNS spoofing techniques to performman-in-the-middle attacks.[15] Research group FireEye stated that "initial research suggests the actor or actors responsible have a nexus to Iran."[16]
In 2020, CISA created a website, titledRumor Control, to rebutdisinformation associated with the2020 United States presidential election.[17] On November 12, 2020, CISA issued a press release asserting, "There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised."[18] On the same day, Director Krebs indicated that he expected to be dismissed from his post by the Trump administration.[19] Krebs was subsequently fired by President Trump on November 17, 2020[20] via tweet for his comments regarding the security of the election.[21] According to various reports and statistics, the scale and frequency of cyber-attacks have been steadily increasing in recent years. For example, the number of data breaches reported in 2020 alone reached a record high of 3,932, a 48% increase compared to the previous year, with over 37 billion records exposed globally, and also the average cost of a data breach in 2020 was estimated to be $3.86 million, with an average time to identify and contain a breach of 280 days.[22]
On July 12, 2021, theSenate confirmedJen Easterly by a voice vote.[23] Easterly's nomination had been reported favorably out ofSenate Committee on Homeland Security and Governmental Affairs on June 16, but a floor vote had been reportedlyheld (delayed) bySenator Rick Scott over broader national security concerns, until the President or Vice President had visited the southern border with Mexico.[24] Easterly hired new staff to monitor online disinformation to enhance what she called the nation's "cognitive infrastructure" and utilized the existing rumor control website during the 2021 elections.[25]
In September 2022, CISA released their 2023–2025 CISA Strategic Plan, the first comprehensive strategy document since the agency was established in 2018.[26]
Resentful over CISA continuing to contradicthis false claims of election fraud, when Donald Trump returned to the presidency in 2025, he directed his administration to start dismantling CISA. The administration canceled programs that monitor foreign influence, foreign election disinformation, and foreign attempts to break into critical infrastructure like voting systems and electrical grids. It also canceled contracts forpenetration testing of local election systems.[27]
The Continuous Diagnostics and Mitigations program provides cybersecurity tools and services to federal agencies.[30][31]
CISA issues "binding operational directives" that require federal government agencies to take action against specific cybersecurity risks.[32]
In March 2021, CISA assumed control of the.govtop-level domain (TLD) from theGeneral Services Administration. CISA manages the approval of domains and operates the TLDDomain Name System nameservers. In April 2021, CISA removed the fee for registering domains.[33] In January 2023,Cloudflare received a $7.2M contract to provide DNS registry and hosting services for the TLD.[34]
CISA provides incident response services to the federal executive branch and US-based entities.
CISA manages theEINSTEIN intrusion detection system to detect malicious activity on federal government agency networks.
In August 2021, Easterly stated "One could argue we’re in the business of critical infrastructure, and the most critical infrastructure is our cognitive infrastructure, so building that resilience to misinformation and disinformation, I think, is incredibly important."[36]
In 2021, CISA released a report that provided guidance for how to navigate and preventransomware incidents. This was due to a significant jump in recent attacks related to ransomware.[37]
^"About CISA". Department of Homeland Security. November 19, 2018.Archived from the original on July 6, 2019. RetrievedDecember 16, 2018. This article incorporates text from this source, which is in thepublic domain.
^"Emergency Directive 19-01".cyber.dhs.gov. Department of Homeland Security. January 22, 2019.Archived from the original on July 3, 2019. RetrievedFebruary 16, 2019.
This article incorporates text from this source, which is in thepublic domain.
