cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CraginS
Defender I

Who are Critical Workers?

As part of the Department of Homeland Security oversight on critical infrastructure in USA, the Cybersecurity & Infrastructure Security Agency (CISA) on March 19, 2020, released a memorandum,

MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

 

That gives advisory (not mandatory) guidance on which businesses and sectors are considered critical, and which workers by task might be considered critical essential workers. Cybersecurity is included in many of them. I recommend getting the entire document (linked above), but here are security-related highlights:

 

Healthcare / Public Heallh

  • Workers performing cybersecurity functions at healthcare and public health facilities, who cannot practically work remotely
  •  Workers performing security, incident management, and emergency operations functions at or on behalf of healthcare entities including healthcare coalitions, who cannot practically work remotely

Law Enforcement / Public Safety / First Responders

  • Workers – including contracted vendors -- who maintain digital systems infrastructure supporting law
    enforcement and emergency service operations.

 

Energy: Electric industry

  • IT and OT technology staff – for EMS (Energy Management Systems) and Supervisory Control and Data
    Acquisition (SCADA) systems, and utility data centers; Cybersecurity engineers; cybersecurity risk management

Information technology 

  • Workers who support command centers, including, but not limited to Network Operations Command Center, Broadcast Operations Control Center and Security Operations Command Center
  • Data center operators, including system administrators, HVAC & electrical engineers, security personnel, IT managers, data transfer solutions engineers, software and hardware engineers, and database administrators
  • Workers responding to cyber incidents involving critical infrastructure, including medical facilities, SLTT
    governments and federal facilities, energy and utilities, and banks and financial institutions, and other critical infrastructure categories and personnel

 Financial services

  • Workers responding to cyber incidents involving critical infrastructure, including medical facilities, SLTT
    governments and federal facilities, energy and utilities, and banks and financial institutions, and other critical infrastructure categories and personnel

Defense Industrial Base

  • Workers who support the essential services required to meet national security commitments to the federal government and U.S. Military. These individuals, include but are not limited to, aerospace; mechanical and software engineers, manufacturing/production workers; IT support; security staff; security personnel; intelligence support, aircraft and weapon system mechanics and maintainers

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
4 Replies
Steve-Wilme
Advocate II

There's a similar list in the UK; medics, police, border force, defence, state benefits providers, other first responders and anyone opperating critical national infrastructure; public transport, utilities, banks etc.  As ever there are some oversights in the governments thinking; IT support workers for the above and the facilities management of for the above premises.  At least it's a start!

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
denbesten
Community Champion

Ohio's "Stay Home" directive includes by reference the Critical Workers document put out by Homeland Security and hilighted by Craign.  In announcing the directive, the governor explicitly mentioned that they were aligning with the document to help multi-state companies have a single standard to follow instead of needing to follow a patchwork of different regulations.  

 

I thought it an interesting non-IT example of why us security professionals tend to lean upon the NIST, ISO and other frameworks/guidelines -- leveraging the work of others helped Ohio develop their directive more quickly,  ensured they "thought of everything" and allows those who must comply to reapply knowledge they learned elsewhere.

AppDefects
Community Champion


@CraginS wrote:

 

Defense Industrial Base

  • Workers who support the essential services required to meet national security commitments to the federal government and U.S. Military. These individuals, include but are not limited to, aerospace; mechanical and software engineers, manufacturing/production workers; IT support; security staff; security personnel; intelligence support, aircraft and weapon system mechanics and maintainers

Being recognized for supporting the DIB brings a fondness to my heart that you can't imagine. I feel so proud to serve the Nation.

CraginS
Defender I


@CraginS wrote:

As part of the Department of Homeland Security oversight on critical infrastructure in USA, the Cybersecurity & Infrastructure Security Agency (CISA) on March 19, 2020, released a memorandum,

MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

 

...


On March 28, 2020 DHS CISA released an updated 

MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 RESPONSE

which also links to the March 28, 2020, 

ADVISORY MEMORANDUM ON IDENTIFICATION OF ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS DURING COVID-19 R...

 

I won't bother copying content this time, leaving it up to you to review the two documents for yourselves.

 

Craig

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts