CISA Unveils 2024–2026 Cybersecurity Strategic Plan — August 3, 2023
The three-year plan prioritizes defensible technology ecosystems, operational collaboration, and risk reduction for critical infrastructure.
Executive briefing: The Cybersecurity and Infrastructure Security Agency (CISA) released its 2024–2026 Cybersecurity Strategic Plan. The document outlines agency objectives to advance secure-by-design principles, scale cyber defense operations, and drive measurable risk reduction across U.S. critical infrastructure.
Strategic objectives
- Objective 1 — Address immediate threats. Expand joint cyber defense collaboration, improve incident response speed, and enhance vulnerability disclosure programs.
- Objective 2 — Harden the terrain. Promote adoption of secure-by-design products, CISA’s Cybersecurity Performance Goals, and baseline OT security practices.
- Objective 3 — Drive security at scale. Partner with technology providers to embed security into cloud, software, and managed services relied upon by critical infrastructure operators.
Control alignment guidance
- Sector risk management agencies. Align sector-specific plans with CISA’s objectives, ensuring consistent metrics and performance tracking.
- Information sharing. Integrate CISA’s Joint Cyber Defense Collaborative (JCDC) initiatives into internal threat intelligence workflows.
- Investment planning. Use the plan’s priority outcomes to justify budgeting for secure-by-design product adoption and workforce development.
Operational recommendations
- Monitor forthcoming implementation guidance and technical roadmaps tied to the strategic plan, such as updated sector performance goals.
- Participate in JCDC or sector-specific working groups to align response playbooks and data-sharing mechanisms.
- Track progress against plan milestones using executive dashboards that map to CISA’s risk reduction metrics.