CISA Cybersecurity Strategic Plan: What you need to know

Image

The United States stands at a pivotal juncture for true digital and cyber security, with unlimited potential. The 2023 U.S. National Cybersecurity Strategy presents a fresh perspective on safeguarding digital territory—a perspective rooted in collaboration, innovation, and accountability. This moment poses a critical consideration of whether to invest in a future where collaboration is the norm, innovation in defense outpaces the bad-intentioned, and the responsibility of cybersecurity rests with the capable.

The vision is clear: a world where debilitating cyber breaches are the exception, organizations are fortified and adaptable, and technology products are innately secure. This journey is one the nation will embark upon collectively, with CISA at the forefront of America's cyber defense, anchoring its role in the global cybersecurity space.

The nation's core functions hinge on interconnected technologies—be it water, electricity, or finance. Today, as countless Americans rely on digital connectivity for daily routines, malicious actors exploit this dependence for their gains. Yet, the path to resilience is clear. By reimagining how tech products are designed, swiftly detecting threats and bolstering essential services, we can shape a more secure horizon—united in this pursuit.

CISA's Cybersecurity Strategic Plan sets forth three goals: thwarting imminent threats, fortifying defenses, and driving security ubiquitously. CISA aims to harness the hacker ethos, infusing creativity into every facet of this mission. Shoulder-to-shoulder with the cybersecurity community, CISA ignites a symphony of collaboration, blazing a trail toward a future where cyber adversaries are stopped.

Primary Goals

The foundation for a secure world lies in the CISA Cybersecurity Strategic Plan's resolute goals and associated objectives. These objectives will be meticulously executed through annual operating plans, entrusting specific CISA units with pivotal milestones and metrics. A crucial facet to recognize is that these three goals are not standalone; they synergize to create a cohesive approach:

• Goal 1, aptly named "Address Immediate Threats," signifies our commitment to understanding and mitigating emerging cyber threats.
• Goal 2, "Harden the Terrain," encompasses driving effective cybersecurity practices and bolstering resilience.
• Goal 3, "Drive Security at Scale," steers us towards developing secure technology products and a fortified cyber workforce.

These objectives work harmoniously, creating a cycle that shines a light toward the ultimate vision: an impenetrable and resilient infrastructure for the American public. CISA’s mission is to lead the national charge in comprehending, managing, and diminishing risks to the cyber and physical foundations.

Goal 1: Address Immediate Threats

In the modern world, American organizations face relentless threats from bad actors. Adversaries systematically target government agencies and critical infrastructure, exploiting vulnerabilities. The prevalence of these attacks underscores a pressing concern for the urgency to enhance our cybersecurity defenses.

Goal 1 - "Address Immediate Threats" - acknowledges the soft targets that American organizations have become. To counter this, a two-pronged approach is paramount. First, by swiftly detecting adversary activity, it’s possible to disrupt their operations and minimize damage. Second, the goal involves eradicating exploitable conditions before intrusions occur, making these networks themselves a challenge for adversaries.

The collaborative nature of this endeavor cannot be overstated. A united front is essential, encompassing federal agencies, private sector entities, security experts, international allies, and more. By bolstering visibility, minimizing friction, and increasing the cost to transgressors, CISA strives to safeguard American networks from cyber onslaughts. Through this collective commitment, this goal aims to create an environment where cybercriminals find it increasingly difficult to breach defenses.

Goal 2: Harden the Terrain

Goal 2 - "Harden the Terrain" - emerges as a rallying cry to bolster our digital defenses. As organizations across the nation grapple with security challenges, the imperative to fortify cybersecurity resilience takes center stage.

This goal acknowledges the uphill struggle Chief Information Security Officers (CISOs) and cybersecurity experts face in advocating for stronger controls and modern technologies. Goal 2 recognizes that decisive action is required to shift the balance of risk management and security investments across the board. CISA's commitment lies in providing practical and informed guidance, influencing risk decisions, and delivering essential services to empower organizations.

The three core objectives under this goal provide a roadmap for achieving this transformation. By deepening the understanding of attack mechanisms, driving prudent cybersecurity investments, and offering targeted capabilities and services, CISA aims to equip organizations with the tools they need to navigate the dynamic cybersecurity landscape effectively.

In a world where technology is both a boon and a battleground, goal 2 serves as a beacon, illuminating the path toward fortified digital landscapes and resilient cybersecurity practices.

Goal 3: Drive Security at Scale

The contemporary cybersecurity landscape demands a paradigm shift where security is embedded in technology products from inception, ensuring safety before market release. Goal 3 - "Drive Security at Scale," - advocates for a radical transformation in how technology products are designed, developed, and tested. This goal underscores the critical importance of viewing cybersecurity through the safety lens and placing the onus on technology providers to integrate security measures throughout product lifecycles.

The aspiration to build secure products prompts a three-fold approach:

Firstly, defining the criteria for technology products to be safe and secure lays the foundation for change. Collaborative efforts between government and industry shape guidance and technical standards, aiding consumers in choosing secure products and manufacturers in delivering them.

Secondly, driving transparency by embracing software bills of materials and rigorous vulnerability disclosure practices enhances accountability and empowers consumers.

Lastly, this goal acknowledges the significance of emerging technologies such as artificial intelligence (AI), quantum computing, and machine learning. As technology evolves, the imperative is to harness AI responsibly, safeguard against adversarial manipulation, and ensure quantum-safe cryptography adoption.

By fostering a secure technological ecosystem, goal 3 envisions a future where cybersecurity evolves from a tangible concern to a foundational element of every product, creating safer digital experiences for individuals and organizations.

Looking Forward

Over the next three years, CISA's journey will reshape national cybersecurity, forging a safer digital realm for all Americans. Amidst escalating cyber threats, this ambitious path is imperative. Collaboratively with partners, CISA aims to mark 2023 as the pivotal moment when the trajectory of national cybersecurity risk began to transform positively.

Guided by this strategy, the initial focus remains on fortifying core cybersecurity functions to maximum effect. Fundamental success is paramount. Strengthened cyber defense operations will swiftly counter threats, vulnerabilities, and incidents. Innovative shared services and actionable guidance will empower defenders to prioritize investments against likely and impactful threats.

Progress propels the nation toward a future where technology intrinsically minimizes exploitable flaws, easing security concerns. A collective endeavor, we're poised to shift the paradigm, surmounting challenges and steering the nation towards a safer future for generations ahead.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.