Cybersecurity and Infrastructure Security Agency’s (CISA) has released their 2023-2025 Strategic Plan, its first comprehensive strategic plan since the agency was created four years ago.
“This is an important step in planning and preparing to combat the evolving cyber threats,” said Bill Rucker, president of Trustwave Government Solutions (TGS). “I appreciate the emphasis on working with the private sector in the plan. I look forward to a strengthened relationship between TGS and CISA.
The 33-page strategic plan is centered on reducing risk and building resilience to cyber and physical attacks to the U.S. critical infrastructure.
“The risks we face are complex, geographically dispersed, and affect a diverse array of our stakeholders, including federal civilian government agencies, private sector companies, state, local, tribal, and territorial (SLTT) governments, and ultimately the American people,” said CISA Director Jen Easterly. “It is our duty to work with our stakeholders to mitigate these risks to preserve our national security, economic stability, and the health and safety of all our citizens.”
CISA’s plan lays out four goals on which CISA will focus its efforts, including strengthening ties with the private sector. The agency considers itself more than just another bureaucracy, the report stated, instead likening itself to a public-private collaborative, which Trustwave wholeheartedly supports.
“At Trustwave Government Solutions, we are dedicated to collaborating with our government partners to help support CISA’s efforts to implement its Strategic Plan,” Rucker said. “We understand the need for a strong public-private partnership to combat cyber threats, and we will continue to foster our client relationships to ensure the paths of communication are always open.”
CISA’s Four-Step Cybersecurity Plan
The 2023-2025 Strategic Plan is based on the Strategic Intent CISA published in August 2019. In that document the agency laid out its strategic vision and operational priorities as set by then CISA Director Chris Krebs. This guidance provided a general approach for how CISA would execute its responsibilities and these processes are fleshed out in the Strategic Plan.
Under the Strategic Plan CISA said it will:
- Spearhead the national effort to ensure the cyber defense and resilience of cyberspace and to defend against cyber threat actors that target U.S. critical infrastructure and SLTT governments, the private sector, and the American people. CISA must lean forward in our cyber defense mission toward collaborative, proactive risk reduction.
- Work to reduce risks to, and strengthen the resilience of, America’s critical infrastructure. Our safety and security depend on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions. CISA coordinates a national effort to secure and protect against critical infrastructure risks. This national effort is centered around identifying which systems and assets are truly critical to the nation, understanding how they are vulnerable, and taking action to manage and reduce risks to them. We serve as a key partner to critical infrastructure owners and operators nationwide to help reduce risks and build their security capacity to withstand new threats and disruptions, whether from cyberattacks or natural hazards and physical threats.
- Strengthen whole-of-nation operational collaboration and information sharing. At the heart of CISA’s mission is partnership and collaboration. Securing our nation’s cyber and physical infrastructure is a shared responsibility. We are challenging traditional ways of doing business and actively working with our government, industry, academic, and international partners to move toward more forward-leaning, action-oriented collaboration. We are also committed to growing and strengthening our Agency’s regional presence to more effectively deliver the assistance our stakeholders need.
- We will unify as One CISA through integrated functions, capabilities, and workforce. We will succeed because of our people. We are building a culture of excellence based on core values and core principles that prize teamwork and collaboration, innovation and inclusion, ownership and empowerment, and transparency and trust. As one team unified behind our shared mission, we will “work smart” to operate in an efficient and cost-effective manner.