November 17, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released the sixth and last of its Cyber Essentials Toolkits, with the latest focused on “Your Crisis Response.” This aligns with the sixth “Essential Element” identified in the Cyber Essentials, which CISA published in November 2019. The sixth essential is “Limit Damage and Quicken Restoration of Normal Operations,” and the toolkit lists actions for leaders and IT staff or service providers to achieve this task. “Lead development of an incident response and disaster recovery plan” and “Learn who to call for help” are two of the actions. CISA provides descriptions of each of the actions and offers resources to assist with implementation.

October 15, 2020

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released the fifth in a series of six Cyber Essentials Toolkits, with the latest focused on “Your Data.” This aligns with the fifth of the six “Essential Elements” identified in the Cyber Essentials, which CISA published in November 2019. The fourth essential is “Backup your data and configurations, and keep backups offline,” and the toolkit lists actions for leaders and IT staff or service providers to achieve this task. “Learn what information resides on your network” and “Leverage malware protection capabilities” are two of the actions. CISA provides descriptions of each of the actions and offers resources to assist with implementation. 

September 29, 2020

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released the fourth in a series of six Cyber Essentials Toolkits, with the latest focused on “Your Surroundings.” This aligns with the fourth of the six “Essential Elements” identified in the Cyber Essentials, which CISA published in November 2019. The fourth essential is “Ensure Access Only to Those Who Belong on Your Digital Space,” and the toolkit lists actions for leaders and IT staff or service providers to achieve this task. “Learn who is on your network” and “Develop IT policies/procedures to address changes in user status” are two of the actions. CISA provides descriptions of each of the actions and offers resources to assist with implementation.

August 18, 2020

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released the third of its series of six Cyber Essentials Toolkits, “Protect Critical Assets and Applications.” This third essential focuses on “Your Systems,” and it reinforces the importance of multiple best practices from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, including #1 Perform Asset Inventories and #10 Implement Threat Detection and Monitoring, among others.

July 1, 2020

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released the second in a series of six Cyber Essentials Toolkits, with the latest focused on “Your Staff, The Users.” This aligns with the second of the six “Essential Elements” identified in the Cyber Essentials, which CISA published in November 2019. The second essential is “Develop Security Awareness and Vigilance,” and the toolkit lists actions for leaders and IT staff or service providers to achieve this task. “Leverage basic cybersecurity training” and “Maintain awareness of current events related to cybersecurity” are two of the actions. CISA provides descriptions of each of the actions and offers resources to assist with implementation. 

May 29, 2020

As a follow-up to the November 2019 release of its Cyber Essentials, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) announced the release of the first in a series of six Cyber Essentials Toolkits. The Cyber Essentials identifies six “Essential Elements” for leaders and IT professionals to take to reduce cyber risk. The first toolkit addresses the first of the six: “Drive Cybersecurity Strategy, Investment and Culture.” It lists actions for leaders to achieve this tasks, two of which include “Determine how much of your organization’s operations are dependent on IT” and Build a network of trusted relationships for access to timely cyber threat information.” For the second action, CISA identifies Information Sharing and Analysis Centers (ISACs), which include WaterISAC, as one type of organization to have a relationship with to maintain situational awareness of cyber threats. 

Each month going forward, CISA intends to release a new toolkit to correspond with each of the other elements.

November 6, 2019

On November 6, 2019, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) announced the release of its Cyber Essentials document, which contains a list of six actionable items for leaders and IT professionals to take to reduce cyber risk. These are:

• Drive cybersecurity strategy, investment, and culture;
• Develop heightened level of security awareness and vigilance;
• Protect critical assets and applications;
• Ensure only those who belong on your digital workplace have access;
• Make backups and avoid loss of info critical to operations; and
• Limit damage and restore normal operations quickly.

These actions are intended to be a starting point for anyone to understand and address cybersecurity risk as they do other risks. They were developed in collaboration with small businesses and state and local governments and aim to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity. 

“When it comes to collective defense, we are only as strong as our weakest link, which is why CISA is committed to raising the bar in cybersecurity across all companies and government, regardless of their size,” said CISA Director Christopher Krebs. “Cyber Essentials are designed for those small businesses and local governments who don’t have abundant resources – where the CEO is also the chief information officer, head of marketing and HR – who are looking for where to start.  This is a set of cybersecurity practices that are easy to adopt and understand and together constitute ‘the basics.’”