topic Re: Who are Critical Workers? in Industry News

Who are Critical Workers?

CraginS — Mon, 23 Mar 2020 14:42:46 GMT

As part of the Department of Homeland Security oversight on critical infrastructure in USA, the Cybersecurity & Infrastructure Security Agency (CISA) on March 19, 2020, released a memorandum,

MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

That gives advisory (not mandatory) guidance on which businesses and sectors are considered critical, and which workers by task might be considered critical essential workers. Cybersecurity is included in many of them. I recommend getting the entire document (linked above), but here are security-related highlights:

Healthcare / Public Heallh

Workers performing cybersecurity functions at healthcare and public health facilities, who cannot practically work remotely
Workers performing security, incident management, and emergency operations functions at or on behalf of healthcare entities including healthcare coalitions, who cannot practically work remotely

Law Enforcement / Public Safety / First Responders

Workers – including contracted vendors -- who maintain digital systems infrastructure supporting law
enforcement and emergency service operations.

Energy: Electric industry

IT and OT technology staff – for EMS (Energy Management Systems) and Supervisory Control and Data
Acquisition (SCADA) systems, and utility data centers; Cybersecurity engineers; cybersecurity risk management

Information technology

Workers who support command centers, including, but not limited to Network Operations Command Center, Broadcast Operations Control Center and Security Operations Command Center
Data center operators, including system administrators, HVAC & electrical engineers, security personnel, IT managers, data transfer solutions engineers, software and hardware engineers, and database administrators
Workers responding to cyber incidents involving critical infrastructure, including medical facilities, SLTT
governments and federal facilities, energy and utilities, and banks and financial institutions, and other critical infrastructure categories and personnel

Financial services

Workers responding to cyber incidents involving critical infrastructure, including medical facilities, SLTT
governments and federal facilities, energy and utilities, and banks and financial institutions, and other critical infrastructure categories and personnel

Defense Industrial Base

Workers who support the essential services required to meet national security commitments to the federal government and U.S. Military. These individuals, include but are not limited to, aerospace; mechanical and software engineers, manufacturing/production workers; IT support; security staff; security personnel; intelligence support, aircraft and weapon system mechanics and maintainers

Craig

Re: Who are Critical Workers?

Steve-Wilme — Mon, 23 Mar 2020 16:35:10 GMT

There's a similar list in the UK; medics, police, border force, defence, state benefits providers, other first responders and anyone opperating critical national infrastructure; public transport, utilities, banks etc. As ever there are some oversights in the governments thinking; IT support workers for the above and the facilities management of for the above premises. At least it's a start!

Re: Who are Critical Workers?

denbesten — Mon, 23 Mar 2020 17:21:52 GMT

Ohio's "Stay Home" directive includes by reference the Critical Workers document put out by Homeland Security and hilighted by Craign. In announcing the directive, the governor explicitly mentioned that they were aligning with the document to help multi-state companies have a single standard to follow instead of needing to follow a patchwork of different regulations.

I thought it an interesting non-IT example of why us security professionals tend to lean upon the NIST, ISO and other frameworks/guidelines -- leveraging the work of others helped Ohio develop their directive more quickly, ensured they "thought of everything" and allows those who must comply to reapply knowledge they learned elsewhere.

Re: Who are Critical Workers?

AppDefects — Tue, 24 Mar 2020 00:55:37 GMT

@CraginS wrote:

Defense Industrial Base
Workers who support the essential services required to meet national security commitments to the federal government and U.S. Military. These individuals, include but are not limited to, aerospace; mechanical and software engineers, manufacturing/production workers; IT support; security staff; security personnel; intelligence support, aircraft and weapon system mechanics and maintainers

Being recognized for supporting the DIB brings a fondness to my heart that you can't imagine. I feel so proud to serve the Nation.

Re: Who are Critical Workers?

CraginS — Sun, 29 Mar 2020 17:59:02 GMT

@CraginS wrote:
As part of the Department of Homeland Security oversight on critical infrastructure in USA, the Cybersecurity & Infrastructure Security Agency (CISA) on March 19, 2020, released a memorandum,
MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

...

On March 28, 2020 DHS CISA released an updated

MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

which also links to the March 28, 2020,

ADVISORY MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

I won't bother copying content this time, leaving it up to you to review the two documents for yourselves.

Craig