Cybersecurity Resources for Transit Agencies FTA

Establishing asset management procedures to ensure that an agency’s information technology resources are identified and managed consistent with their relative importance to the agency’s business objectives. Its role is to investigate federal expenditures, unacceptable activities and other issues related to government ethics. Whether it is the electric grid, our water system or any other system relied upon by the masses, the DHS is usually responsible for its protection. Each of these agencies is constantly seeking cybersecurity specialists to add to their staff. With a degree in cybersecurity, you just might find yourself employed for a government agency on the local, state or federal level. Many government agencies rely on cybersecurity professionals to keep sensitive information protected.

The portions of records made confidential and exempt in subsections and shall be available to the Auditor General, the Cybercrime Office of the Department of Law Enforcement, the Florida Digital Service within the department, and, for agencies under the jurisdiction of the Governor, the Chief Inspector General. Such portions of records may be made available to a local government, another state agency, or a federal agency for cybersecurity purposes or in furtherance of the state agency’s official duties. Establishing the managerial, operational, and technical safeguards for protecting state government data and information technology resources that align with the state agency risk management strategy and that protect the confidentiality, integrity, and availability of information and data. The recovery may include recommended improvements to the agency processes, policies, or guidelines. Cyber terrorists, as well as hackers of all sorts, are turning to the internet to wreak havoc.

CISA did conduct an initial assessment of its cybersecurity workforce in 2019; however, it is still working on analyzing capability gaps and determining how to best fill those gaps. Finally, CISA did not address the practice of ensuring that its employee performance management system was aligned with its new organizational structure and transformation goals. Until it fully addresses workforce planning and the five other practices that are either partially or not addressed, CISA’s ability to leverage its organizational changes to effectively carry out its mission will be hindered.

Dr. David Mussington serves as the Executive Assistant Director for Infrastructure Security at the Cybersecurity and Infrastructure Security Agency as of February 19, 2021. In this role, Mussington leads CISA’s efforts to secure the nation’s critical infrastructure in coordination with government and the private sector. Key areas of focus include vulnerability and risk assessments; securing soft targets and crowded places; training and exercises; and securing high-risk chemical facilities. 500.19 – To qualify, a Covered Entity must be an employee, agent, representative or designee of another Covered Entity and all aspects of the employee’s, agent’s, representative’s, or designee’s business must be fully covered by the Cybersecurity Program of the other Covered Entity. Under this exemption, individuals and entities will be required to identify the regulated entity whose program they are following and provide the name of an appropriate representative who can confirm the individual or entity is fully covered by that cybersecurity program. Some important considerations include, but are not limited to, what business the acquired company engages in, the target company's risk for cybersecurity including its availability of Personally Identifiable Information, the safety and soundness of the Covered Entity, and the integration of data systems.

Federal legislation enacted in November 2018 established CISA to advance the mission of protecting federal civilian agencies' networks from cyber threats and to enhance the security of the nation's critical infrastructures in the face of both physical and cyber threats. To implement this legislation, CISA undertook a three-phase organizational transformation initiative aimed at unifying the agency, improving mission effectiveness, and enhancing the workplace experience for CISA employees. FTA provides financial support for some grant recipients’ cybersecurity activities and supports the U.S. Additionally, as a condition of federal assistance, under 49 U.S.C. 5323, rail transit operators must certify that they have a process to develop, maintain, and execute a plan for identifying and reducing cybersecurity risks. On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018, which elevated the mission of the former NPPD within DHS, establishing the Cybersecurity and Infrastructure Security Agency .

He specifically highlighted the importance of the transition to post-quantum encryption algorithms pointing out that the transition is as much dependent on the development of such algorithms as it is on their adoption. The government and industry must prepare for it now to protect the confidentiality of data that already exists today and remains sensitive in the future. Most of the actions outlined in the Executive Order are to be implemented by the Department Agency Cybersecurity of Homeland Security, namely CISA. In addition, Congress provided CISA with new authorities in the 2021 National Defense Authorization Act and with a down payment to improve the protection of civilian federal government networks with the funding provided through the American Rescue Plan. This ongoing priority will therefore focus on implementing the Executive Order, the NDAA, and the funding provided by Congress in an effective and timely manner.