Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
()
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Secure Your Drone: Privacy and Data Protection Guidance is a Cybersecurity and Infrastructure Security Agency (CISA) resource that provides guidance for drone users to protect their data and privacy before, during, and after flying their drone.
CISA’s Be Air Aware™ program helps increase awareness of cyber and physical risks posed by unmanned aircraft systems (UAS or drones). The Be Air Aware™ materials on this page provide essential, ready-to-use information about UAS threats and steps to effectively manage risk to critical infrastructure and public gatherings.
Ransomware is a form of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Over time, malicious actors have adjusted their ransomware tactics to be more destructive and impactful and have also exfiltrated victim data and pressured victims to pay by threatening to release the stolen data. The application of both tactics is known as “double extortion.” In some cases, malicious actors may exfiltrate data and threaten to release it as their sole form of extortion without employing ransomware. This guide is an update to the Joint Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing & Analysis Center (MS-ISAC) Ransomware Guide released in September 2020 (see "What’s New") and was developed through the Joint Ransomware Task Force. It includes ransomware and data extortion prevention best practices and a corresponding response checklist.
Cyber threats are not just possibilities but harsh realities, making proactive and comprehensive Cybersecurity imperative for all critical infrastructure. Adversaries use known vulnerabilities and weaknesses to compromise the security of critical infrastructure and other organizations. CISA offers free Cybersecurity services to help organizations reduce their exposure to threats by taking a proactive approach to monitoring and mitigating attack vectors.
In addition to offering a range of no-cost CISA-provided Cybersecurity services, CISA has compiled a list of free services and tools provided by private and public sector organizations across the cyber community.
CISA’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational Cybersecurity practices.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a CISA-supported collaboration with the Center for Internet Security designed to serve as the central Cybersecurity resource for the nation's State, Local, Territorial, Tribal (SLTT) governments. The MS-ISAC is a membership-based collaborative that is open to SLTT entities of all types, including SLTT government agencies, law enforcement, educational institutions, public utilities and transportation authorities, to name a few.
Multiple factors may affect the critical infrastructure security and resilience posture of the Emergency Services Sector (ESS). These factors, which influence the current operating environment and associated decision-making processes, stem from environmental, technological, human, and physical causes. This document provides a sector-specific characterization of relevant factors and decision-making drivers influencing the current operating environment and security and resilience posture of the ESS. Government and sector partners may use this document to help identify and address factors that could have adverse effects on the security or resilience of facilities, personnel, and operations.
The Emergency Services Sector Continuity Planning Suite (ESS CPS) provides a centralized collection of existing guidance, processes, products, tools, and best practices to support the development and maturation of continuity planning for the first responder community. The ESS CPS was created through a partnership of the Emergency Services Sector Risk Management Agency (SRMA) and Sector Coordinating Council (SCC). First responders can use the ESS CPS as it suits their organization to evaluate and improve their continuity capability and enhance their preparedness for emergencies.
The Emergency Services Sector Cybersecurity Initiative is an ongoing effort to enable the Emergency Services Sector (ESS) to better understand and manage cyber risks and to coordinate the sharing of cyber information and tools between subject matter experts (both inside and outside the federal government) and the ESS disciplines.