CISA - Experts & Thought Leaders

The Department of Homeland Security (DHS), through the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA), announced more than $18.2 million in Tribal Cybersecurity Grant programme (TCGP) awards to assist Tribal Nations with managing and reducing systemic cyber risk and threats. These are the first-ever Tribal Cybersecurity Grants to be awarded. The grant programme was established by the Bipartisan Infrastructure Law and the more than 30 grant awards represent the largest number of awards ever provided by the Department to Tribal Nations in a single grant programme. Addressing digital and cybersecurity threats “For far too long, Tribal Nations have faced digital and cybersecurity threats without the resources necessary to build resilience,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The Department of Homeland Security’s first-ever Tribal Cybersecurity Grant programme awards announced today, made possible by President Biden’s Bipartisan Infrastructure Law will help tribes and tribal communities ensure they have the tools to assess risks, implement solutions, and increase cyber defences.” Cybersecurity challenges Digital threats impacting American Indian and Alaska Native tribes are becoming more complex Digital threats impacting American Indian and Alaska Native tribes are increasing and becoming more complex, and tribal sovereignty creates unique cybersecurity challenges for these communities that have been consistently underfunded and under-resourced. This programme is another example of a unified approach across DHS. This FEMA-administered programme leverages CISA’s capabilities to support grant recipients. Cybersecurity resilience “With these first-ever Tribal Cybersecurity Grants, we are not just addressing immediate needs, but also reinforcing the infrastructure that supports the sovereignty and resilience of Tribal Nations,” said FEMA Administrator Deanne Criswell. “This funding, benefitting the largest number of tribal recipients to build cybersecurity resilience in FEMA’s history, is a testament to our dedication to a safer, more secure future for all communities." “These grants will help Tribal Nations combat the growing cyber threats they face every day and build resilience for their critical infrastructure,” CISA Director Jen Easterly said. “We’re proud to work with our federal partners to help Tribal Nations strengthen their cybersecurity.” Tribal Cybersecurity Grant programme The Tribal Cybersecurity Grant programme will fund efforts to establish critical governance frameworks for Tribal Nations to address cyber threats and vulnerabilities, identify key vulnerabilities and evaluate needed capabilities, implement measures to mitigate the threats, and develop a 21st-century cyber workforce across local communities. All Tribal Cybersecurity Grant programme recipients are required to participate in a limited number of free services provided by CISA. These services are: Cyber Hygiene Vulnerability Scanning – Evaluates external network presence by continuously scanning public, static internet protocols (IPs) for accessible services and vulnerabilities. Nationwide Cybersecurity Review – A free, anonymous, annual self-assessment designed to measure gaps and capabilities of a recipient’s cybersecurity programmes. Cybersecurity risks protection The grants will significantly improve national resilience to cyber threats by giving Tribal Nations much-needed resources to address network security and take steps to protect against cybersecurity risks to help them strengthen their communities. In addition, federally recognised tribes are eligible to apply for millions more in tribal cybersecurity funding that will be announced later in 2024.

ASIS International, the world’s largest association for security management professionals, has announced its programming lineup for Global Security Exchange (GSX) 2024 with in-person and digital experiences taking place 23-25 September at the Orange County Convention Centre in Orlando, FL and via the online GSX event platform. "Pioneering this year’s Selection Committee has been a privilege," said Dr. Diana M. Concannon, PsyD, PCI, CTM, 2024 GSX Selection Committee Chair. "Our exceptional educational lineup at this year’s event reflects the collective dedication of our globally diverse team of volunteers who served alongside me in a highly rigorous review process. Together, we've meticulously curated over 200 sessions, diving deep into contemporary security challenges, and pioneering innovative solutions. I look forward to connecting with you there!”  General session presentations GSX will offer timely general session presentations from acclaimed global keynote speakers. This year’s general session lineup is:  Monday 23 September Strategic Diplomacy: Charting Paths in a Rapidly Changing World|Sanna Marin, Former Prime Minister of Finland   Marin highlights the indispensable role of democratic alliances in facing significant threats As the youngest Prime Minister globally, Sanna Marin expertly guided Finland through a dynamic geopolitical arena. From navigating the global pandemic to swiftly pioneering Finland into NATO after the Russian invasion of Ukraine and addressing the urgent climate crisis, Ms. Marin’s tenure encapsulates pivotal moments in contemporary history. In this insightful discussion, Marin delves into the intricate facets of key geopolitical challenges, notably the Russian assault on Ukraine and Finland’s consequential entry into NATO.  With a keen focus on security and international relations, Marin highlights the indispensable role of democratic alliances in facing significant threats. She articulates strategies for mitigating dependencies on authoritarian regimes while advocating for the reinforcement of partnerships, resilience, and trust as essential components in adapting to the ever-evolving geopolitical landscape.   Tuesday 24 September Shields Ready – Why Resilience is the Most Important Security Measure for Critical Infrastructure|Jenn Easterly, Director, Cybersecurity and Infrastructure Security Agency (CISA) Impacts of such malicious cyber activity would likely go beyond network intrusion and data theft The U.S. intelligence community and closest geopolitical allies are in resounding agreement on who is the largest global security threat of the twenty-first century: The People’s Republic of China (PRC). They’ve warned that the PRC is almost certainly capable of launching cyberattacks that could disrupt the critical infrastructure Americans rely on daily, such as oil and gas pipelines, rail systems, and healthcare facilities. The impacts of such malicious cyber activity would likely go beyond network intrusion and data theft – with the potential to jeopardise the physical security of the institutions and the public. And in a Presidential election year, the PRC’s attempts to influence U.S. election operations is anticipated to exceed those already detected from previous cycles.  As America’s cyber defence agency and the national coordinator for critical infrastructure security and resilience, CISA is driving proactive risk reduction efforts in the face of these most pressing threats. Join CISA Director Jen Easterly for a discussion on how they can broaden the resilience investments and utilise collaborative partnerships – across industry, government, and communities – to ensure the nation is secure and increase the ability to respond and recover to the ever-evolving threat landscape presented by the greatest adversaries.   Wednesday 25 September Leadership and Accountability When It Matters|Commander Kirk Lippold, United States Navy (RET.)    Navigating the dual facets of privilege and burden in leadership demands a level of accountability that many aspire to achieve. In the aftermath of a harrowing suicide terrorist attack, Commander Kirk Lippold intricately weaves the principle of integrity into a narrative that extends beyond crisis management. He reveals how this principle fosters a diverse and inclusive environment, empowering his crew with a profound sense of ownership. In this crucible of combat, personal accountability and leadership become guiding principles. Lippold’s “Pillars of Leadership” emerge not only as invaluable business tenets but essential foundations for any team weathering challenges. GSX’s multi-faceted approach Newly announced GSX session lineup includes in-depth looks at timely issues Encompassing 200+ sessions tackling vital issues in the security profession, the newly announced GSX session lineup includes in-depth looks at timely issues within the following focus areas: Crime, Digital Transformation, Information Security, Law and Ethics, Managing Organisations, National Security, Physical and Operational Security, Professional Development, and Risk Management.  “GSX is a crucial global gathering for security professionals,” said Cy A. Oatridge, CPP, 2024 ASIS International President. “GSX’s multi-faceted approach with best-in-class education, an industry-pioneering exhibit hall featuring innovative solution providers, ample networking opportunities, and digital programming allows our attendees from across the globe the chance to elevate their knowledge, skills, and networks.” GSX education sessions  GSX 2024 will feature multiple pre-conference events on Saturday and Sunday In addition to the conference’s primary programming, GSX 2024 will feature multiple pre-conference events on Saturday and Sunday, including two-day workshops on facility security design and ESRM, APP, CPP, and PSP certification reviews, and Secure Horizons: An Immersive Experience for Senior Security Executives. Sunday’s pre-conference programming will include workshops on ESRM and stakeholder communication, ASIS Volunteers’ Day, and the ASIS Awards of Excellence and the Outstanding Security Performance Awards (OSPAs).  GSX education sessions include expert-led deep dives that can improve the practice of security professionals at any stage of their career, covering topics such as artificial intelligence, ESRM best practices, diversity, equity and inclusion (DEI), active assailants and workplace violence, cybersecurity, business continuity and crisis management, crime prevention, and more. All-Access Pass registrants can earn up to 22 CPEs toward their recertification whether they attend the in-person or digital experience. Advanced-level Game Changer session Each day of the conference will also feature an advanced-level Game Changer session designed to explore trends that will shape the security industry’s future. Monday’s session is titled “Knocked Down, Not Knocked Out: Building Organisational Resilience,” Tuesday’s session is “Do You Trust Me? How to Thrive in a Mistrustful Era,” and “When Chaos Reigns: The Critical Role of Security in Global Crises” will cap the game changer sessions on Wednesday.  Digital attendees will be able to access online GSX session recordings through 31 December. In-person attendees can add digital access to captured content to their registration. The complete digital session lineup will be announced shortly. More details about the GSX 2024 exhibit hall, which will feature approximately 500 companies highlighting drones, cybersecurity, robotics, and uncrewed systems; Career HQ, which will focus on career development; and the digital programming slate will be announced in the coming weeks.

The Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and FEMA launched the new “Shields Ready” campaign to encourage the critical infrastructure community to focus on strengthening resilience. Resilience Resilience is the ability to prepare for, adapt to, withstand, and rapidly recover from disruptions caused by changing conditions. The new campaign was unveiled during a joint press conference at the Port of Long Beach, alongside speakers from the Long Beach, California, community, and members of the U.S. Coast Guard.   Reduce risk How to prepare critical infrastructure for potential disruption and how to build more resilience Shields Ready complements CISA’s successful “Shields Up” campaign, which encourages critical infrastructure stakeholders to take specific, time-sensitive actions that reduce risk in response to specific threat intelligence during cyberattacks, physical security threats, or natural disasters in response to specific threat intelligence. Shields Ready focuses more broadly and strategically on how to prepare critical infrastructure for potential disruption and how to build more resilience into systems, facilities, and processes by taking action before a crisis or incident even occurs. Shields Ready campaign Shields Ready aligns with and complements FEMA’s Ready campaign. Each campaign webpage will feature and link to the other for easy reference and use.  “In the constantly evolving threat environment that our nation faces today, our Department must remain ready and agile to prepare for and respond to threats against critical infrastructure,” said Secretary of Homeland Security Alejandro N. Mayorkas. Risk management and incident response DHS is building on its critical safety and security mission and meeting the challenges" “The Shields Ready campaign, spearheaded by CISA and supported by FEMA, will ensure our nation’s critical infrastructure is better equipped and more resilient against all threats and hazards, ranging from cyberattacks to natural disasters." "By working with our partners and providing them with the tools they need for more effective risk management and incident response, DHS is building on its critical safety and security mission and meeting the challenges of today and tomorrow,” said Alejandro. Improve infrastructure resilience “Our nation's critical infrastructure entities from schools to hospitals to water facilities must have the tools and resources to respond to and recover from disruption,” said CISA Director Jen Easterly.  "As the National Coordinator for critical infrastructure security, CISA is launching the Shields Ready campaign during Critical Infrastructure Security and Resilience Month to improve the resilience of infrastructure Americans rely on every hour of every day." Awareness and preparedness When our partners in the public and private sectors are prepared, their communities can respond better" “By taking steps today to prepare for incidents, critical infrastructure, communities, and individuals can be better prepared to recover from the impact of the threats of tomorrow and into the future,” said Jen.“When our infrastructure partners in the public and private sector are prepared, their communities can respond better and recover faster after disasters,” said FEMA Administrator Deanne Criswell. Protecting people and communities “We are excited to partner with Director Easterly and our colleagues at CISA on their new Shields Ready campaign." "In coordination with FEMA’s Ready campaign, this new approach will help us encourage critical infrastructure stakeholders to practice preparedness and build a more resilient nation by creating plans to protect people and communities alike against hazardous events.” Resolve to be Resilient This focused approach highlights how critical infrastructure entities and other organisations can Resolve to be Resilient by integrating certain practices that will make themselves secure, resilient, able to bounce back quickly and build back stronger from an incident, entities should:  Know Infrastructure and Dependencies: Organisations should identify their most critical systems and assets for their operations and understand their potential dependencies on other infrastructure systems that enable the continuity of their operations.  Assess Risks: Consider the full range of threats and hazards that could disrupt an organisation’s infrastructure operations and evaluate specific vulnerabilities and consequences the threats and hazards could pose.  Make Actionable Plans: Organisations should develop both a strategic risk management plan to reduce the risks and vulnerabilities identified as well as actionable incident response and recovery plans to help withstand disruptions and rapidly restore operations within minimal downtime. Measure Progress to Continuously Improve: Exercise incident response and recovery plans under realistic conditions and periodically evaluate and update strategic plans. An organisation’s ability to prepare for and adapt to changing risk conditions starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents.