The Cybersecurity and Infrastructure Security Agency (CISA) has issued its strategic plan for 2023 to 2025, setting forth four main goals: cyber defense, risk reduction and resilience, operational collaboration, and agency unification.
The 37-page document is CISA’s first comprehensive strategic plan since the agency was established in 2018.
The first three goals in the plan focus on how the agency will “reduce risk and build resilience to cyber and physical threats,” while the fourth goal pledges an internal focus to unify as “One CISA.”
“The plan that we’ve put together really reflects, not just the last four years since my predecessor and great friend Chris Krebs stood up the agency, but everything we’ve learned over the past year,” CISA Director Jen Easterly said at last week’s Billington Cybersecurity Summit. “It really capitalizes on what I think about as our superpower, which is collaboration and exercise through the most expansive information-sharing authorities that the U.S. government has.”
The first goal is grounded in CISA’s role as America’s cyber defense agency, with a particular focus on defense and resilience of cyberspace. The second goal of risk reduction and resilience is similar, but places a narrower focus on U.S. critical infrastructure.
The third goal aims to strengthen “whole-of-nation operational collaboration and information sharing” between government and the private sector.
Finally, the fourth goal aims to unify the agency internally, by breaking down organizational silos, growing the value of the agency’s services, and increasing stakeholder satisfaction.
“We’re now a full-grown operational component and we absolutely need to build a unified agency that is grounded in the culture that we are building, the core principles, and our core values of collaboration, innovation, service to the nation, and accountability to the American people,” Easterly said of the plan’s final goal. “So, we’re very excited about the strategic plan.”
Gary Barlet, Federal chief technology officer at Illumio, applauded CISA’s goal of agency unification but emphasized that without funding and sufficient resources, this goal will be difficult to achieve.
“CISA’s goal of agency unification will strengthen information and resource sharing, but without a clear outline of funding priorities, cyberattackers will always be steps ahead while the government runs with weights on its ankles,” Barlet said.
“CISA is still a new agency and issuing this strategic plan signposts its commitment to driving change in a huge way,” he added. “I’m excited to see the Federal government begin to shift to a resilience-based cybersecurity strategy.”