Are you Safe Online?
Individual users and businesses need to follow cybersecurity tips, keep their computers equipped with updated security software and technologies and, if appropriate, have their systems checked over by a qualified computer technician. Authorities urge every computer owner to stay informed about trends in cybercrime, as well as about the cyber security technologies available to avert any threat of attack.
Framework for Improving Critical Infrastructure Cybersecurity
Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure.
NIST released the first version of the Framework for Improving Critical Infrastructure Cybersecurity on February 12, 2014. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program helps align critical infrastructure owners and operators with existing resources that will assist their efforts to adopt the Cybersecurity Framework and manage their cyber risks. Learn more about the C³ Voluntary Program
NIST is also pleased to issue a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.
In the interest of continuous improvement, NIST will continue to receive and consider informal feedback about the Framework and Roadmap. As has been the case throughout the process, organizations and individuals may contribute observations, suggestions, and lessons learned to firstname.lastname@example.org
Pennsylvania Office of Administration/Office of Information Technology's Security
The Pennsylvania Office of Administration/Office for Information Technology (OA/OIT) has established information technology (IT) related policies and procedures for the agencies in the Commonwealth of Pennsylvania under the Governor's jurisdiction for several key purposes, including the following: 1) to help standardize activities among the agencies; 2) to facilitate collaboration among the agencies; and 3) to increase efficiency and lower associated costs. Provided below are links to OA/OIT's cyber security and policy websites and, additionally, a table highlighting those policies that pertain specifically to the security domain. Policies established by OA/OIT are referred to as Information Technology Bulletins (ITBs) and are therefore coded with this designation. (Source: Office of Administration/Office of Information Technology). For more information please visit OA/IT Security Website or OA/IT Security Policies.
Continuity planning is a simple business practice of ensuring the execution of essential functions through all circumstances. In the event of natural disasters, accidents, technological emergencies or terrorist attack-related incidents, there is a need for a robust continuity of operations plan that will enable organizations to continue their essential functions across a broad spectrum of emergencies.
Links to Continuity Planning Online Resources:
· Business Continuity Planning/Ready.gov
· Continuity of Operations/Federal Emergency Management Agency
· Continuity of Government/Pennsylvania Office of Administration
DHS Critical Infrastructure Cyber Community (C3) Voluntary Program
The Critical Infrastructure Cyber Community (C3) Voluntary Program is a public-private partnership to help connect business, federal government agencies, academia, and state, local, tribal and territorial (SLTT) government partners to the U.S. Department of Homeland Security and other Federal government programs and resources that will assist their efforts in managing their cyber risks and using the NIST Cybersecurity Framework. (Sources: U.S. Department of Homeland Security & U.S. CERT)
DHS CSET - Department of Homeland Security Cyber Security Evaluation Tool
The Cyber Security Evaluation Tool (CSET®) is a self-contained software tool which runs on a desktop or laptop computer. It evaluates the cybersecurity of an automated, industrial control or business system using a hybrid risk and standards-based approach, and provides relevant recommendations for improvement. The Department of Homeland Security's (DHS) Control Systems Security Program (CSSP) developed the CSET application, and offers it to all through the United States Computer Emergency Readiness Team's (US-CERT) website.
How it Works
CSET helps asset owners to assess their information and operational systems cybersecurity practices by asking a series of detailed questions about system components and architecture, as well as operational policies and procedures. These questions are derived from accepted industry cybersecurity standards. Once the self-assessment questionnaire is complete, CSET provides a prioritized list of recommendations for increasing cybersecurity posture, including solutions, common practices, compensating actions, and component enhancements or additions. The tool also identifies what is needed to achieve a desired level of cybersecurity within a system's specific configurations.
Information Sharing & Analysis Centers (ISACs)
Information Sharing and Analysis Centers help critical
infrastructure owners and operators protect their facilities, personnel and
customers from cyber and physical security threats and other hazards. ISACs
collect, analyze and disseminate actionable threat information to their members
and provide members with tools to mitigate risks and enhance resiliency. ISACs
reach deep into their sectors, communicating critical information far and wide
and maintaining sector-wide situational awareness.
National Information Sharing & Analysis Centers:
Defense Industrial Base ISAC
Defense Security Information
Downstream National Gas ISAC
Emergency Management &
Financial Services ISAC
Information Technology ISAC
National Health ISAC
Oil & Natural Gas ISAC
Real Estate ISAC
Research & Education ISAC
Retail Cyber Intelligence
Supply Chain ISAC
Public Transportation & Over-the-Road ISAC
Cyber Incident Reporting: A Unified Message for Reporting to the Federal Government – U.S. Department of
This fact sheet, Cyber Incident Reporting: A Unified Message for Reporting to the Federal Government, explains when, what, and how to report a cyber incident to the federal government.
Law Enforcement Cyber Incident Reporting Unified Message
The U.S. Department of Homeland Security, the Federal Bureau of Investigation, and the International Association of Chiefs of Police, in partnership with law enforcement agencies across the country, have released the Law Enforcement Cyber Incident Reporting Unified Message. This document details different ways law enforcement partners can report suspected or confirmed cyber incidents to the federal government. The Unified Message can be viewed in the Law Enforcement Cyber Incident Reporting section of http://www.dhs.gov/combat-cyber-crime.
Federal Bureau of Investigation
The FBI Cyber Division heads national efforts to investigate and prosecute internet crimes, including cyber-based terrorism, espionage, computer intrusions and major cyber fraud. This division works through the National Cyber Investigative Joint Task Force (NCIJTF) and cyber investigative squads in each FBI field office. FBI – Cyber Crime Website
Homeland Security – Combating Cyber Crimes
DHS components such as the U.S. Secret Service and U.S. Immigration and Customs Enforcement have special divisions dedicated to fighting cyber crime. DHS – Combating CyberCrime Website
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures. ICS-CERT Website
Federal Communication Commission Small Business Cyber Planner
US Computer Emergency Readiness Team (US-CERT)
Cyber Incident Reporting - US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. It is the 24-hour operational arm of the DHS National Cyber Security Division (NCSD). If you need to report an incident to US-CERT, click the following link: