As the nation’s risk advisor, CISA brings our partners in industry and the full power of the federal government together to improve American cyber and infrastructure security.
What the U.S. Government is Doing
- The White House, CDC and Health and Human Services launched Coronavirus.gov.
- Use GSA’s Coronavirus Page, Spanish version for government-wide COVID-19 information.
- Learn about DHS efforts, and FEMA's work here.
- FEMA released the “COVID-19 Pandemic Operational Guidance for the 2020 Hurricane Season” to help emergency managers and public health officials best prepare for disasters, while continuing to respond to and recover from coronavirus.
- Resources to ensure upcoming elections are accessible and secure, and that voters are safe can be found at the Election Assistance Committee.
- FEMA and CISA are responsible for coordinating Emergency Support Function (ESF) efforts. ESFs assist in coordinating federal interagency support for a federal response to an incident – in this case, to COVID-19. ESF #14 (Cross Sector Business and Infrastructure) was established to engage private sector and infrastructure owners and operators to help find and close gaps. It complements Sector-Specific Agencies (SSA) and other ESFs and is a mechanism for entities not aligned to an ESF or have other means of coordination to bring forward current issues and work toward solutions. For more information, email ESF14@cisa.dhs.gov.
- The CISA Insights: COVID-19 Disinformation Activity addresses disinformation campaigns and conspiracy theories appearing online, and provides the public steps on how to minimize the risk of spreading false or misleading content.
- CISA’s COVID-19 Disinformation Toolkit helps State, local, tribal and territorial (SLTT) officials bring awareness to misinformation, disinformation, and conspiracy theories appearing online related to COVID-19’s origin, scale, government response, prevention and treatment.
- To get groundtruth on rumors and facts please visit the FEMA Rumor Control page.
- The CDC has guidance for discontinuation of isolation for persons with non-test confirmed COVID-19 in a non- healthcare setting. Persons with COVID-19 who have symptoms and were directed to care for themselves at home may discontinue isolation under the following conditions:
- At least three days (72 hours) have passed since recovery defined as resolution of fever without the use of fever-reducing medications and
- Improvement in respiratory symptoms (e.g., cough, shortness of breath); and,
- At least seven days have passed since symptoms first appeared.
- FEMA’s guidance on addressing the shortage of Personal Protective Equipment (PPE) in Non-Healthcare setting.
- DHS S&T has published a calculator to estimate how long the virus stays active on surfaces.
Critical Infrastructure
- CISA developed the Physical Security for Cold Storage Locations to provide a physical security checklist for private sector entities, cold storage facility owners/operators, and state/local government officials who will participate in the handling and distribution of COVID-19 vaccine related materials (i.e., kits, PPE).
- CISA developed the Primer on Safe & Efficient Handling of Dry Ice to help cold storage facility owners and operators ensure they are safely and efficiently handling dry ice.
- CISA developed the Critical Questions and Considerations for Cold Chain, Storage, and Dry Ice Operation to inform and assist in further reducing risk to these life-saving efforts. These risks elevate the importance for the security and integrity of myriad of entities receiving, transporting, housing, and distributing COVID-19 vaccines.
- CISA's Identifying Critical Infrastructure During COVID-19 guidance and accompanying list are intended to support state, local, and industry partners in identifying the critical infrastructure sectors and the essential workers. Learn more about CISA's guidance or read our latest press release.
- If you have feedback or additional questions, please reach out to: CISA.CAT@cisa.dhs.gov.
- CISA developed the COVID-19 Recovery CISA Tabletop Exercise Package (CTEP) to assist private sector stakeholders and critical infrastructure owners and operators in assessing short-term, intermediate, and long-term recovery and business continuity plans related to the COVID-19 pandemic.
- The Centers for Disease Control and Prevention (CDC) advises that critical infrastructure workers may be permitted to continue work following potential exposure to COVID-19, provided they remain asymptomatic and additional precautions are implemented to protect them and the community.
- The Critical Infrastructure Operations Centers and Control Rooms Guide for Pandemic Response is geared towards all 16 critical infrastructure sectors. The guide provides considerations and mitigation measures for operation centers and control rooms, but can be applied further to any critical node that is required to continue functioning in a pandemic environment.
- CISA, Health and Human Services (HHS), and the Federal Bureau of Investigation (FBI) jointly released a bulletin regarding potential threats to the health care community and resources and training on how to mitigate these threats.
- CISA and Idaho National Laboratory (INL) have designed, developed, and deployed a capability for truckers and other commercial drivers in the U.S. to understand restrictions that they might encounter as they travel across the country. The Commercial Routing Assistance (CRA) tool merges coordinated and vetted data streams, plots multiple automated or custom routing options, and visualizes the wide variety of state regulations and actions that a driver would encounter along a route. Read the fact sheet and learn more at cra.inl.gov.
- Report a Critical Infrastructure worker denied movement situation.
Cybersecurity
-
CISA released a guide for parents, teachers and school administrators that provides information to prevent or mitigate malicious cyber actors from targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, theft of data, and the disruption of learning services.
-
CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a Joint Cybersecurity Advisory that provides an assessment on recent attempts of malicious cyber actors to target kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, theft of data, and the disruption of learning services.
-
CISA recommends that Owners/Operators of Cold Storage facilities prepare for attacks targeting the cold chain, remain vigilant to alerts and activity in this space, have contingency plans in place, and know who to contact for help.
-
The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential.
-
Activity Alert: AA20-219A: Malicious Cyber Actor Spoofing SBA COVID-19 Loan Relief Webpage via Phishing Emails. CISA is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 relief webpage via phishing emails. These emails include a malicious link to a fake page used for malicious re-directs and credential stealing.
-
CISA, the Department of Energy, and the UK's National Cyber Security Centre (NCSC) released the Cybersecurity Best Practices for Industrial Control Systems.
-
CISA, the U.S. Department of the Treasury, the Internal Revenue Service, and the United States Secret Service released a joint message urging all Americans to be on the lookout for criminal fraud related to COVID-19 economic impact payments.
- On May 13, CISA and the FBI issued a joint alert announcing that the People’s Republic of China (PRC) are targeting COVID-19 research organizations.
- CISA offers cyber hygiene services, like free scanning and testing services, to help organizations secure internet-facing systems from weak configuration and known vulnerabilities.
- Joint CISA and UK Tip on COVID-19 Cyber Threat Exploitation.
- A May 5 Joint CISA/UK alert on Key Healthcare Organizations in UK and USA was issued.
- An April 8 Joint CISA/UK cyber alert details how cyber criminals and advanced persistent threat (APT) groups are targeting individuals and organizations with a range of ransomware and malware. The alert includes indicators of compromise (IOCs) for detection, and guidance for organizations and individuals on how to decrease the risk of cyberattacks.
- CISA’s updated TIC 3.0 Interim Telework Guidance, released April 8, focuses on remote federal employees connecting to private agency networks and cloud environments in a secure manner.
- On March 13, 2020, CISA released an alert encouraging organizations to adopt a heightened state of cybersecurity when considering alternate workplace options for their employees.
- On March 6, 2020 CISA released an alert reminding individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19).
- The CISA Insights: Risk Management for Novel Coronavirus (COVID-19) provides executives a tool to help them think through physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus, or COVID-19.
Additional Resources From Our Partners
- The Office of Personnel Management should be the government's first stop for telework guidance.
- The National Institute of Standards and Technology’s (NIST) blog, “Preventing Eavesdropping and Protecting Privacy on Virtual Meetings,” addresses security concerns with virtual meetings.
- The Cyber Readiness Institute has developed a quick guide, “Securing a Remote Workforce” for businesses.
- The National Cyber Security Alliance has launched a COVID-19 Security Resource Library featuring free and updated information on current scams, cyber threats, remote working, disaster relief, and more.
- The Global Cyber Alliance offers three simple tips for working from home.
- NIST has guidelines on telework and remote access to help organizations mitigate security risks associated with the enterprise technologies used for teleworking.
- The Cyber Threat Intelligence League brings together more than 1,000 net defenders from around the world to stop malicious cyber activity related to the Coronavirus outbreak.
Emergency Communications
- On May 15, 2020, CISA released the Guidelines for 911 Centers: Pandemic, which were developed to support public safety partners across all levels of government when developing plans and actions regarding governance, procedures, staffing, and cleaning and disinfecting in response to a pandemic. The suite contains four documents in total:
- On September 24, 2020, CISA released the Emergency Communications Best Practices for Establishing Alternate Care Sites document, which provides unique considerations for federal, state, local, tribal, and territorial entities tasked with establishing communications capabilities for an Alternate Care Site (ACS) during a health crisis or other disasters.