Embracing CISA’s strategic plan for 2023-2025

In September 2022, the CISA (Cybersecurity and Infrastructure Security Agency) in the US published its strategic plan for 2023-2025. In the detailed report, the agency outlines how the US is operating in an increasing ‘complex landscape of ever-evolving risks’ that continue to threaten the security of the nation’s infrastructure and networks. The world today is increasingly interconnected due to technological advancements and by consequence, the ‘global cyberspace presents profound challenges in which we face 24/7/365 asymmetric, cyber threats with large-scale real-world effects’, the CISA shared. The cybersecurity agency explains the integral need for businesses to be able to outpace national rivals and adversaries’ cyber capabilities in order to maintain national security. Regardless of an organization’s industry, sector or mission, all enterprises in the US are all subject to the same overarching concerns with regards to cyberthreats and risks.

Key concerns outlined by CISA in the report include those of cyber threat actors who use technology to undermine the U.S. economy and democracy, sow discord and steal intellectual property. Such cyber criminals seek to take advantage of ‘the complexity of cyber infrastructure that spans public and private networks’. The agency believes that the urgency of its cyber defense mission has ‘never been more apparent’ than in their attempts to defend the country from malicious cyber crime.

According to the CISA, ‘the capacity to mitigate against cyber threats requires continuous work and a ‘whole nation’ approach that spans all stakeholders’. Since the end of 2021, the CISA has been engaging in their ‘Shields Up’ campaign. A key part of this campaign that has been further driven by the fear of potential spillover effects felt from the war between Russia and Ukraine. The ongoing crisis has sparked the CISA to encourage organizations of all sizes to invest in their cybersecurity strategy so they can protect their key assets. Since the launch of the ‘Shields Up’ campaign, the agency has been working hard to drive traffic to the company’s website where businesses can learn about the key steps they can take to have a robust cybersecurity strategy. Simultaneously, there have been over 100 briefings to thousands of stakeholders on this subject.

In order to help protect the US from the looming threats that continue to pose risks towards the country, the CISA has developed four key areas of focus.

1. The CISA will be spearheading the national effort to ‘ensure the defense and resilience of cyberspace’. In order to achieve this, the goal is to be able to build the nation’s capacity to defend against and recover from cyberattacks.
2. The strategy developed by the CISA will seek to strengthen the resilience of and improve the risk posture of America’s critical infrastructure. This is a key priority for the agency as the nation’s safety and security depends on the capacity for critical infrastructure to maintain constant protection in an increasingly unstable and ever-changing environment.
3. There will be a ‘whole-of-nation’ approach to cybersecurity that will require constant operational collaboration and information sharing. Partnership and collaboration  is a key factor that is at the heart of the CISA’s overall mission and will be paramount to the overall strategic success.
4. The CISA is striving to build a culture of excellence that prizes the following: ‘teamwork and collaboration, innovation and inclusion, ownership and empowerment, and transparency and trust’. These key values will be vital to the strategy for 2023-2025 and success will be owed to the people who unify behind these core beliefs.

RFA works with businesses in the financial industry to develop their cybersecurity strategy and risk posture so they are able to prepare and protect themselves for any worst case scenarios should an attack occur. The cyber climate in the US recognises that the success of its defense will be rooted in accepting shared responsibility. During any major accidents or disasters, it will be critical that firms from any industry are able to quickly respond and notify the CISA so other businesses are able to protect themselves from attacks. Through RFA’s Managed Detection & Response solutions, businesses will be able to work collaboratively in the US to efficiently notify the CISA of any attacks. RFA empowers firms to be able to manage their cybersecurity strategy from a 24/7/365 perspective, so they are able to engage in a ‘Shields Up’ approach when it comes to their cyber defense.

If you are a firm operating in the US and would like to know how RFA can help you align your firm’s goals with CISA’s 2023-2025 strategy, please contact us.