Critical Infrastructure Security, Governance, Risk and Compliance

CISA strategic plan aligns with National Cybersecurity Strategy

The CISA logo is seen hanging on a blue wall

The Cybersecurity and Infrastructure Security Agency (CISA) on Friday released an update to its comprehensive strategic plan.

The plan for fiscal 2024-2026 is aligned with the National Cybersecurity Strategy released earlier this year by the Biden administration and is “a blueprint for how the agency will pursue a future in which damaging cyber intrusions are a shocking anomaly,” according to CISA.

Released in March by the White House, the National Cybersecurity Strategy calls on governments and the private sector to collaborate on addressing the country’s collective digital security by moving the responsibility of securing technology from users to manufacturers and to compel long-term investment in the way technology is designed. 

The administration and the Office of the National Cyber Director released the workforce development component of the strategy on Monday that aims to build up the nation's cybersecurity skills and capabilities.

CISA is the nation’s cyber defense agency and the national coordinator for critical infrastructure security. The three main goals that will guide the agency’s mission include:

  • Addressing immediate threats by making it increasingly difficult for adversaries to achieve their goals by targeting American and allied networks; 
  • Hardening the terrain by adopting strong practices for security and resilience that measurably reduce the likelihood of damaging intrusions; and 
  • Driving security at scale by prioritizing cybersecurity as a fundamental safety issue and asking more of technology providers to build security into products throughout their lifecycle, ship products with secure defaults, and foster radical transparency into their security practices so that customers clearly understand the risks they are accepting by using each product.

“The next three years will set a new course for CISA and for national cybersecurity. … Together with our partners, we hope to look back on 2023 as the point when the trajectory of national cybersecurity risk began to change for the better,” the plan concludes.

Cybersecurity experts applauded CISA’s updated plan on Friday. 

Tom Kellerman, senior vice president of cyber strategy at Contrast Security, said he was heartened by the three key strategies, adding that “the gloves are now off so as to disrupt cyberattack campaigns.”

Roger Grimes, data-driven defense evangelist at KnowBe4, said the strategic plan formalizes the work the agency has already been working to put in place, adding that “CISA has made tremendous headway” in most of the initiatives already.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.