Pipeline Cybersecurity Resources Library

Incident detection, response, and prevention strategies are a critical consideration for the Nation's homes and business organizations. 

CISA offers several scanning and testing service (i.e., testing susceptibility to phishing attacks and testing perimeter defense) to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.

An assessment that evaluates an organization's operational resilience and cybersecurity practices

To assist a variety of stakeholders to ensure the cybersecurity of our Nation's critical infrastructure, CISA offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management.

C2M2 is a voluntary tool to help organizations measure the maturity of their cybersecurity capabilities in a consistent manner that focuses on the implementation and management of cybersecurity practices.

Idaho National Laboratory’s Malcolm is a powerful and easily deployable network traffic analysis tool suite.

CISA Tabletop Exercise Packages are a comprehensive set of resources designed to assist stakeholders in conducting their own exercises and initiating discussions within their organizations about their ability to address a variety of threat scenarios.

Assists private sector stakeholders and critical infrastructure owners and operators in assessing short-term, intermediate, and long-term recovery and business continuity plans related to the COVID-19 pandemic.

CISA looks to enable the cyber-ready workforce of tomorrow by leading training and education of the cybersecurity workforce.

The AIS ecosystem empowers participants to share cyber threat indicators and defensive measures such as information about attempted adversary compromises as they are being observed. 

 The Critical Infrastructure community on HSIN (HSIN-CI) is the primary system through which DHS, private sector owners and operators, and other government agencies collaborate to protect the nation’s critical infrastructure. 

Secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities. 

Best practices and ways to prevent, protect and/or respond to a ransomware attack.

Regularly updated summary of the most frequent, high-impact types of security incidents currently being reported.

Modules broken down into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. 

Reduces risks within and across all critical infrastructure sectors and to share common ICS-related security mitigation recommendations. This page provides abstracts for existing recommended practices and links to source documents.

Shares information with state, local, tribal, and territorial governments and with international partners, as cybersecurity threat actors are not constrained by geographic boundaries.

CISA offers no-cost, subscription-based information products to stakeholders. CISA designed these products to improve situational awareness among technical and non-technical audiences by providing timely information about cybersecurity threats.

CISA and the TSA developed this infographic to outline activities that pipeline operators can undertake to improve the cybersecurity of their information technology (IT) and operational technology (OT) systems.

Technical guidance documentation to inform critical infrastructure entities and organizations about industry best practices and mitigation strategies/

National public awareness effort aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.

Voluntary guidance, based on existing standards, guidelines, and practices to help critical infrastructure owners and operators reduce cybersecurity risk.

Catalog of security and privacy controls for organizations to protect operations and assets, individuals, and information systems from a diverse set of threats and risks.

Overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provides recommended security countermeasures to mitigate associated risks.

Voluntary guidelines for pipeline industry partners to increase their security awareness.

Interactive training explains what phishing is and provides examples of the different types of phishing.

Various training courses at no tuition cost via the CISA Virtual Learning Portal (VLP). Web

Online and on-demand cybersecurity training system.