The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the U.S. Department of Homeland Security (DHS) established by the Cybersecurity and Infrastructure Security Agency Act of 2018, which President Donald Trump signed into law on November 16, 2018. The legislation restructured the former National Protection and Programs Directorate (NPPD) into a standalone operational agency, elevating its profile within DHS.
CISA's mandate covers two broad mission areas:
- Cybersecurity: defending federal civilian executive branch (".gov") networks, issuing binding operational directives, sharing threat intelligence with the private sector, and coordinating responses to major incidents such as the 2020 SolarWinds compromise and the 2021 Colonial Pipeline ransomware attack.
- Infrastructure security: working with the 16 designated critical infrastructure sectors (energy, water, financial services, healthcare, elections, etc.) to assess risk and build resilience against physical and cyber threats.
The agency also houses the National Risk Management Center, runs the Joint Cyber Defense Collaborative (JCDC) launched in 2021 to coordinate with industry partners, and operates EINSTEIN and Continuous Diagnostics and Mitigation (CDM) programs for federal network monitoring.
Election security became a prominent CISA portfolio after 2016, when election infrastructure was designated a critical infrastructure subsector by DHS in January 2017. CISA's first director, Christopher Krebs, was dismissed by President Trump in November 2020 after publicly affirming the integrity of the 2020 U.S. presidential election. Jen Easterly was confirmed as director in July 2021.
CISA does not have regulatory authority over most private-sector entities; its model relies heavily on voluntary partnerships, information sharing, and technical advisories. It is frequently confused with the Cybersecurity Information Sharing Act of 2015 (also abbreviated CISA), a separate statute that created liability protections for companies sharing cyber threat indicators with the federal government.
For MUN and policy researchers, CISA is a useful reference point when comparing national cyber agencies such as the UK's NCSC, France's ANSSI, or Germany's BSI.
Example
In May 2021, CISA coordinated with the FBI and Colonial Pipeline to respond to the DarkSide ransomware attack that disrupted fuel supplies across the U.S. East Coast.
Frequently asked questions
No. The agency (CISA) and the 2015 information-sharing statute share an acronym but are distinct. The 2015 Act created legal protections for sharing cyber threat indicators; the agency was created by a separate 2018 law.
Keep learning