Connect with us

Hi, what are you looking for?



CISA Unveils Cybersecurity Strategic Plan for Next 3 Years

CISA has unveiled its Cybersecurity Strategic Plan for the next 3 years, focusing on addressing immediate threats, hardening the terrain, and driving security.

The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its Cybersecurity Strategic Plan for the next three years, focusing on three main goals and several objectives.

The Cybersecurity Strategic Plan for fiscal years 2024-2026 outlines the agency’s plans for achieving a future where damaging cyberattacks are rare, organizations are resilient, and technology is secure by design. 

One of CISA’s three main goals is ‘addressing immediate cyber threats’ by making it more difficult for threat actors to achieve their goals by targeting the networks of the US and its allies. 

The objectives for this goal include increasing visibility into threats and campaigns and increasing the ability to mitigate them, addressing critical and exploitable vulnerabilities, and conducting exercises and joint defense operations to ensure an effective response to urgent threats.

Another major objective is ‘hardening the terrain’ by adopting strong security and resilience practices to reduce the likelihood of damaging attacks. 

Objectives include understanding how attacks occur and how they can be stopped, driving the implementation of measurably effective investments, and providing modern cybersecurity capabilities and services and measuring their effectiveness.

The final goal is ‘driving security at scale’ by prioritizing security as a fundamental safety issue. 

Advertisement. Scroll to continue reading.

This involves technology providers building security into their products and shipping them with secure defaults. Other objectives include reducing cybersecurity risks posed by new technologies, and contributing to efforts to build a national cyber workforce. 

“Cybersecurity is a shared journey and a shared challenge that the entire nation must address together,” CISA said. “As America’s Cyber Defense Agency, CISA serves a foundational role in the global cybersecurity community, but true and lasting security in cyberspace can only be achieved collaboratively. Government at all levels, industry, technology providers, the global community of cyber defenders, individual citizens, and others must all work together to achieve a secure cyber future.”

Related: CISA Instructs Federal Agencies to Secure Internet-Exposed Devices

Related: CISA Introduces Secure-by-design and Secure-by-default Development Principles

Related: CISA Gets Proactive With New Pre-Ransomware Alerts

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.