The Cybersecurity and Infrastructure Security Agency (CISA) in the US has undergone significant growth and transition under the leadership of its departing Director, Jen Easterly. In the Agency’s 2024 Year in Review report, Easterly emphasized the importance of collaborative efforts to build trust with various partners, including industry, state and local officials, and the election stakeholder community.
The report highlights CISA’s focus on enhancing collaboration with industry partners through initiatives such as the Pre-Ransomware Notification Initiative (PRNI). In 2024 alone, CISA sent out 2131 pre-ransomware notifications, totaling 3368 notifications since the program’s inception. These notifications were sent to various sectors, including K-12 school districts, government entities, healthcare organizations, and critical infrastructure.
Throughout 2024, CISA achieved significant milestones in cybersecurity, including mitigating vulnerable devices, blocking malicious connections targeting federal agencies, remediating vulnerabilities, producing vulnerability advisories, coordinating disclosures, and engaging in capacity development partnerships globally. The Agency also released cyber defense alerts, advisories, and products, and collaborated with partners to address vulnerabilities in sectors like water and wastewater management, healthcare, and education.
CISA’s initiatives in 2024 expanded to include the Secure by Design program, aimed at improving software security through multifactor authentication, vulnerability reduction, and patch installation. The Agency also conducted the Cyber Storm IX exercise, focusing on preparing government and industry partners for cyber incidents like nation-state-sponsored attacks, with a particular emphasis on Chinese threat actors.
Another key focus for CISA in 2024 was securing the November US Elections, ensuring the security and resilience of election infrastructure through various security procedures, training, and auditing IT systems. The #Protect2024 portal was launched to provide election security guidance products and releases, garnering over 235,000 views and releasing multiple security advisories.
Looking ahead to 2025 and beyond, CISA released its International Strategic Plan to enhance coordination with partners, advance international relationships, and focus on securing AI systems. The Agency will continue to collaborate with international partners and adapt to evolving geopolitical and technological challenges under new leadership.
Director Easterly emphasized the importance of collaboration among government, industry, academia, and international partners to strengthen critical infrastructure protection. As CISA prepares to face intensifying threats in the coming years, the Agency aims to maintain flexibility and innovation to adapt to changing environments and seize new opportunities.