Cybersecurity is no longer just an afterthought, but an integral pillar of modern business.

This shift is detailed in the newly updated Strategic Plan from the Cybersecurity and Infrastructure Security Agency (CISA).

In this post, we discuss how the plan is geared towards strengthening cybersecurity across diverse sectors, tackling immediate threats, elevating security measures, and expanding security on a larger scale. As CISA emphasizes cooperation, innovation, and the growth of a digital future, the plan charts a strategic path forward. Let’s talk about it! 

Who is CISA?

CISA is a US government agency responsible for enhancing the cybersecurity and resilience of the nation’s critical infrastructure, with the aim of creating a secure and reliable digital environment.

Its primary mission is to shield against cyber risks, from both national and international sources, that have the potential to disrupt critical infrastructure sectors like energy, healthcare, finance, transportation, and technology. The agency plays a critical role in protecting both government and private sector systems from cyberattacks, data breaches, and other cyber threats.

What is the importance of CISA’s newly updated Strategic Plan? 

This plan “is the agency’s first, comprehensive strategic plan since CISA was established in 2018”[1]. But why is it so important?

The plan was shaped around our nation’s heavy reliance on technology for vital services, a reliance that makes us vulnerable to malicious cyber actors. Given the vulnerabilities in enterprises and technology products, there is always a risk of cyber threats. However, a solution exists. Changing the way technology products are designed, ensuring security controls are built in, and swiftly detecting and mitigating incidents are key steps. The strategy highlights the importance of technical collaboration to further enhance security.

Main takeaways on the Strategic Plan

The Cybersecurity Strategic Plan outlines three goals [2]:

Goal 1 – Address Immediate Threats

The plan aims to make it harder for adversaries to target American networks. This involves gaining insight into intrusion attempts, disrupting threat actor campaigns, responding to breaches, and accelerating the fixing of vulnerabilities often exploited by attackers.

Goal 2 – Harden the Terrain

Efforts will be directed towards promoting and measuring the adoption of strong security practices. This includes offering actionable guidance to organizations, assisting them in prioritizing effective security investments, and evaluating progress in terms of security measures on both organizational and national levels.

Goal 3 – Drive Security at Scale

This goal emphasizes prioritizing cybersecurity as a core safety concern and encouraging technology providers to embed security throughout the lifecycle of their products. It also emphasizes building a diverse national cybersecurity workforce and harnessing the potential of technologies like artificial intelligence and quantum computing.

Comparison with NIST Cybersecurity Framework Core: 

Both the NIST Cybersecurity Framework Core and CISA’s Strategic Plan emphasize the importance of identifying and addressing vulnerabilities to enhance cybersecurity resilience. The NIST framework provides a structured approach to managing and mitigating cyber risks across various categories, while CISA’s plan outlines specific goals to address immediate threats, strengthen defenses, and drive security at scale.

Future Plans for CISA: 

The strategy’s initial focus is on enhancing core cybersecurity functions for maximum effectiveness [3]. Strengthening defense operations to swiftly identify, prevent, and address threats and vulnerabilities is a priority. However, this is just the beginning. The plan envisions a future where technology is intentionally designed, tested, and maintained to minimize exploitable flaws before entering the market. 

Takeaways on CISA’s Strategic Plan: 

The strategic plan highlights the importance of collaboration, innovation, and accountability. It emphasizes the necessity of strong cooperation among government, industry, security researchers, and the global community. The plan also recognizes that shared responsibility and coordinated accountability are essential for establishing cybersecurity as a fundamental business concern. 

There is an urgency to unite efforts, set priorities, and expedite actions, because adversaries are persistent. The plan therefore sets out a necessary, proactive strategy aimed at tackling modern cyber risks and shaping a more resilient framework for the future.

What are your thoughts? 

 

References

  1. Cybersecurity and Infrastructure Security Agency. CISA Strategic Plan. Retrieved from https://www.cisa.gov/strategic-plan
  2. Cybersecurity and Infrastructure Security Agency. (2023). FY 2024-2026 Cybersecurity Strategic Plan. Retrieved from https://www.cisa.gov/sites/default/files/2023-08/FY2024-2026_Cybersecurity_Strategic_Plan.pdf
  3. Cybersecurity and Infrastructure Security Agency. Cybersecurity Strategic Plan. Retrieved from https://www.cisa.gov/cybersecurity-strategic-plan