CISA, the Cybersecurity and Infrastructure Security Agency, has been playing a crucial role in shaping the nation’s cybersecurity landscape over the last four years. Established to protect critical infrastructure and combat emerging cyber threats, CISA has evolved to meet the ever-changing demands of national security.
As the United States approaches 2025, analyzing the agency’s key policy actions provides insight into its increasing influence in ensuring the security and resilience of both digital and physical infrastructures nationwide.
In 2024, a significant development occurred in April when the National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22) reaffirmed CISA’s leadership position. This memorandum formally designated the agency as the National Coordinator for the Security and Resilience of U.S. Critical Infrastructure, empowering CISA to implement a biennial risk management cycle aimed at reducing vulnerabilities in the nation’s infrastructure.
A pivotal aspect of this initiative involves fostering collaboration with partners from the public and private sectors to assess risks across various industries. By actively engaging stakeholders, CISA aims to gain a deeper understanding of sector-specific threats while mitigating risks at a national level. The outcome of this program will be the creation of the 2025 National Infrastructure Risk Management Plan, guiding federal efforts to safeguard critical infrastructure in the coming years.
In 2023, the focus shifted towards strengthening cybersecurity strategies and AI initiatives. The release of the National Cybersecurity Strategy (NCS) outlined a comprehensive approach to cybersecurity, emphasizing the need for enhanced collaboration between government agencies and industry leaders. Noteworthy actions undertaken by CISA included updating the National Cyber Incident Response Plan, expanding anti-ransomware efforts through the Joint Ransomware Task Force (JRTF), and enhancing collaboration with industry stakeholders.
Moreover, Executive Order 14110 in late 2023 underscored CISA’s responsibility in securing the development and use of AI systems. This directive tasked CISA with aiding stakeholders in safeguarding critical infrastructure from AI-related risks and exploring the technology’s potential to bolster cybersecurity defenses.
The year 2022 witnessed the enactment of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), mandating critical infrastructure entities to report cyber incidents and ransomware payments to CISA within 24 hours. This legislation empowered CISA to respond promptly to incidents, disseminate actionable intelligence, and strengthen defenses across sectors. Additionally, the establishment of the Joint Ransomware Task Force and the Ransomware Vulnerability Warning Pilot under CIRCIA played crucial roles in combating ransomware threats.
Amid the aftermath of the SolarWinds supply chain attack in late 2020, Executive Order 14028 in May 2021 entrusted CISA with pivotal actions to improve threat information sharing, modernize federal cybersecurity standards, and secure the software supply chain. The introduction of Cybersecurity Performance Goals (CPGs) in the same year aimed to assist smaller organizations in enhancing their cybersecurity practices.
Looking ahead, CISA’s strategic partnerships with various entities, its evolving influence, and its proactive stance in shaping the future of national cybersecurity will be essential as the agency navigates the challenges posed by emerging cyber threats. With AI playing a crucial role in next-generation cybersecurity innovations, CISA is poised to leverage technology to combat adversaries effectively. The journey ahead may be challenging, but CISA’s commitment to resilience and innovation will be crucial in staying ahead in the ongoing battle for cybersecurity.
As CISA continues to redefine the cybersecurity landscape, the upcoming years will be pivotal in determining the nation’s ability to adapt and respond to evolving threats. The agency’s continued efforts and partnerships will be instrumental in fortifying the nation’s defenses against cyber threats.