CISA to focus on how to reduce risk, build cyber resilience and ensure the agency can execute its strategic plan as “One CISA.”
by Jim Masters • Sep 14, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is charting it’s path forward with the release of its 2023-2025 Strategic Plan.
This is the first, comprehensive strategic plan since CISA was established in 2018. The plan will focus and guide the agency’s efforts over the next three years, CISA said in a prepared statement.
Aiding Mission-Critical National Security
In its mission as the United States’ cyber defense agency and the national coordinator for critical infrastructure security, CISA works with critical infrastructure partners every day to address the evolving threat landscape. That approach, CISA states, is reflected in the strategic plan — focusing on reducing risk and building resilience to cyber and physical threats to the nation’s infrastructure.
The plan builds on the foundation created through the CISA Strategic Intent, published in August 2019, to guide the agency’s work and create unity of effort. In addition to the plan, CISA said it is “developing internal measures of performance and effectiveness to better track progress toward reducing risk and achieving its goals.”
CISA Strategic Plan: 4 Ambitious Goals
The plan describes “four ambitious goals,” three of which focus on how the agency will work to reduce risk and build cyber resilience. The fourth goal focuses internally to ensure the agency is in a strong position to execute the plan — “working as One CISA.”
The plan spotlight on these four key areas:
- CISA will spearhead the national effort to ensure the defense and resilience of cyberspace.Defending against cyber threat actors that target U.S. critical infrastructure; federal, state and local governments; the private sector; and the American people. CISA must work toward collaborative and proactive risk reduction. Working with its partners, it is CISA’s responsibility to help mitigate the most significant cyber risks to the country’s National Critical Functions, both as these risks emerge and before a major incident occurs.
- CISA will reduce risks to, and strengthen the resilience of, America’s critical infrastructure.CISA coordinates a national effort to secure and protect against critical infrastructure risks. This effort is centered around identifying those systems and assets that are truly critical to the nation, as well as understanding how they are vulnerable and taking action to manage and reduce risks to them. The agency serves as a key partner to critical infrastructure owners and operators nationwide to help reduce risks and build their security capacity to withstand new threats and disruptions.
- CISA will strengthen whole-of-nation operational collaboration and information sharing.At the heart of CISA’s mission is partnership and collaboration. CISA believes that securing the nation’s cyber and physical infrastructure is a shared responsibility. In response, CISA is challenging traditional ways of doing business and actively working with our government, industry, academic and international partners to move toward more forward-leaning, action-oriented collaboration. CISA is also committed to growing and strengthening the agency’s regional presence to more effectively deliver the assistance our stakeholders need.
- Foundational to its success, the agency will unify as “One CISA” through integrated functions.CISA asserts that it will succeed “because of our people.” The agency is building a culture of excellence based on core values and core principles that prize teamwork and collaboration, innovation and inclusion, ownership and empowerment, and transparency and trust. As one team unified behind its shared mission, CISA will “work smart” to operate in an efficient and cost-effective manner.