The Cybersecurity and Infrastructure Security Agency (CISA) has released its strategic plan for fiscal years 2024 through 2026 [5] [6] [7]. This plan aligns with the National Cybersecurity Strategy released by the White House and aims to enhance the nation’s cybersecurity preparedness.
Description
CISA’s strategic plan serves as a guide for implementation, resource allocation [7], and operational planning within the agency [7]. It emphasizes collaboration [3], innovation [3], and accountability to address imminent threats to networks within the U.S. [4] and increase barriers to cyber intrusions [4]. The plan focuses on three goals: addressing immediate threats [5] [6] [7], strengthening security measures [7], and driving security at scale [1] [2] [5] [6] [7]. Each goal is supported by three objectives [7], outlining CISA’s scope for the next three years [7].
The plan includes specific measures of effectiveness to assess progress [2] [6], such as improvements in detecting adversary activity and fixing known vulnerabilities [6]. CISA aims to work with partners to gain visibility into intrusions [6], disrupt threat actor campaigns [6], and mitigate exploitable conditions [6]. It also aims to promote strong security practices [6], provide guidance for effective security investments [6], and prioritize cybersecurity as a safety issue [2] [6]. Additionally, CISA plans to contribute to efforts in understanding and reducing risks posed by emerging technologies and building a diverse national cybersecurity workforce [6].
The plan highlights the importance of a whole-of-government and whole-of-nation approach to cybersecurity and the need to expand and modernize capabilities and services [3]. Collaboration between government and private sectors is crucial for creating a safer future [2]. CISA acknowledges the need for periodic re-evaluation of strategic priorities due to changes in the threat and technology environments and recognizes the importance of helping resource-poor organizations prioritize security measures.
The plan mentions taking a data-driven approach to identify practices that reduce cyber risk and promote software transparency [4]. It emphasizes a voluntary [4], trust-based collaboration with the private sector [4]. However, it does not focus on software supply chain risk [4], despite earlier calls to address this issue in CISA’s National Cybersecurity Strategy [4].
Conclusion
CISA’s strategic plan for fiscal years 2024 through 2026 aims to enhance the nation’s overall cybersecurity preparedness [7]. By addressing immediate threats [1] [2] [4] [5] [6] [7], strengthening security measures [7], and driving security at scale [1] [2] [5] [6] [7], CISA aims to improve the resilience of networks within the U.S. The plan emphasizes collaboration, innovation [3], and accountability [3], and highlights the importance of a whole-of-government and whole-of-nation approach to cybersecurity [3]. Moving forward, CISA will continue to adapt its strategic priorities to address evolving threats and technology environments, while also prioritizing the needs of resource-poor organizations.
References
[1] https://www.infosecurity-magazine.com/news/cisa-2024-2026-strategic-plan/
[2] https://www.cisa.gov/news-events/news/cisa-cybersecurity-strategic-plan-shifting-arc-national-risk-create-safer-future
[3] https://www.hsdl.org/c/cisa-releases-fy2024-2026-cybersecurity-strategic-plan/
[4] https://www.linkedin.com/pulse/cisa-publishes-its-cybersecurity-strategic-plan-reversinglabs
[5] https://federalnewsnetwork.com/cybersecurity/2023/08/the-next-step-in-cisas-maturity-is-its-new-cyber-strategic-plan/
[6] https://www.meritalk.com/articles/cisa-unveils-three-year-cyber-plan-aligned-with-bidens-ncs/
[7] https://cyberscoop.com/cisa-2024-2026-strategic-plan/