Cybersecurity Resources for Transit Agencies FTA

On May 12, 2021, President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks following recent cybersecurity incidents exploiting SolarWinds and Microsoft Exchange. This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. DHS encourages private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents. Established in 2018, CISA was created to work across public and private sectors, challenging traditional ways of doing business by engaging with government, industry, academic, and international partners. As threats continue to evolve, we know that no single organization or entity has all the answers for how to address cyber and physical threats to critical infrastructure.

But as the House and Senate negotiate a final FISMA reform bill, DeRusha said the law needs to be clear about federal roles and responsibilities. Some agencies included more detailed zero trust plans in their FY 23 budget requests than others. But for the most part, agencies were able to tell OMB when they plan on reaching zero trust milestones as part of their implementation plans. For instance, the plans should describe how and when the agency “plans to isolate its applications and environments,” according to the strategy memo. For instance, within a year, agencies are required to support phishing-resistant multifactor authentication for all of their public-facing services.

GAO was asked to review CISA's organizational transformative initiative and its ability to coordinate effectively with stakeholders. Agency performs enterprise-level cybersecurity for individuals at the highest risk of cyberattacks because of their job, employer, or industry. Our subscription includes advanced software, 24/7 monitoring and response, and reimbursement with our Agency Cyber Guarantee. We help organizations get advanced security for their largest threat surface while maintaining the privacy of their teams. This guide highlights many of the resources available to law enforcement partners, including training and grant opportunities, to increase nationwide resilience to evolving threats. The focus of this sprint is the DHS workforce, who have done heroic job protecting the integrity of the Nation’s election and responding to several major cyber incidents only a few months thereafter.

The Director of CISA, in consultation with the Director of the NSA, shall review and update the playbook annually, and provide information to the Director of OMB for incorporation in guidance updates. The Secretary of Homeland Security shall biennially designate a Chair and Deputy Chair of the Board from among the members of the Board, to include one Federal and one private-sector member. Within 30 days of the issuance of the guidance described in subsection of this section, the Director of OMB acting through the Administrator of the Office of Electronic Government within OMB shall take appropriate steps to require that agencies comply with such guidance.

The plans describe how each agency proposes to adopt various zero trust approaches and capabilities by the end of fiscal year 2024, a goal set out by the White House’s zero trust strategy released in January. CyWatch is the FBI’s 24/7 operations center and watch floor, providing around-the-clock support to track incidents and communicate with field offices across the country. The machine-readable aspect is not trivial, Hernandez said, as agencies are often short on time and resources when facing a security incident or vulnerability. The Director of OMB shall work with Agency Cybersecurity agency heads to ensure that agencies have adequate resources to comply with the requirements identified in subsection of this section. Articulate progress and completion through all phases of an incident response, while allowing flexibility so it may be used in support of various response activities. Heads of FCEB Agencies shall provide reports to the Secretary of Homeland Security through the Director of CISA, the Director of OMB, and the APNSA on their respective agency’s progress in adopting multifactor authentication and encryption of data at rest and in transit.