The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its Cybersecurity Strategic Plan for the next three years, focusing on three main goals and several objectives.
The Cybersecurity Strategic Plan for fiscal years 2024-2026 outlines the agency’s plans for achieving a future where damaging cyberattacks are rare, organizations are resilient, and technology is secure by design.
One of CISA’s three main goals is ‘addressing immediate cyber threats’ by making it more difficult for threat actors to achieve their goals by targeting the networks of the US and its allies.
The objectives for this goal include increasing visibility into threats and campaigns and increasing the ability to mitigate them, addressing critical and exploitable vulnerabilities, and conducting exercises and joint defense operations to ensure an effective response to urgent threats.
Another major objective is ‘hardening the terrain’ by adopting strong security and resilience practices to reduce the likelihood of damaging attacks.
Objectives include understanding how attacks occur and how they can be stopped, driving the implementation of measurably effective investments, and providing modern cybersecurity capabilities and services and measuring their effectiveness.
The final goal is ‘driving security at scale’ by prioritizing security as a fundamental safety issue.
This involves technology providers building security into their products and shipping them with secure defaults. Other objectives include reducing cybersecurity risks posed by new technologies, and contributing to efforts to build a national cyber workforce.
“Cybersecurity is a shared journey and a shared challenge that the entire nation must address together,” CISA said. “As America’s Cyber Defense Agency, CISA serves a foundational role in the global cybersecurity community, but true and lasting security in cyberspace can only be achieved collaboratively. Government at all levels, industry, technology providers, the global community of cyber defenders, individual citizens, and others must all work together to achieve a secure cyber future.”
Related: CISA Instructs Federal Agencies to Secure Internet-Exposed Devices
Related: CISA Introduces Secure-by-design and Secure-by-default Development Principles
