CISA teases strategy to protect critical infrastructure
The Cybersecurity and Infrastructure Security Agency will soon release a sweeping plan to bolster cybersecurity protections for the nation's critical infrastructure industries.
The Cybersecurity and Infrastructure Security Agency is preparing to roll out a strategic plan to protect the nation's critical infrastructure industries, as well as developing a new cybersecurity advisory system, according to Director Jen Easterly.
The director of the nation's cyber defense agency detailed the two separate initiatives on Wednesday at the Billington Cybersecurity Summit, saying the critical infrastructure plan will ensure the protection of the .GOV domain, reduce risks and improve resilience and expand operational collaboration.
Easterly said the plan will be published "in a couple of days," emphasizing lessons learned over the past year, in addition to "collaboration as exercise through the most expansive information sharing authorities that the U.S. government has."
She also noted that the strategy will incorporate defense techniques and innovative information sharing methods the Joint Cyber Defense Collaborative (JCDC) employed after CISA established the public-private partnership in 2021.
Meanwhile, a new cybersecurity advisory committee the agency launched in February was spearheading the development of an advisory system that Easterly said will allow the agency to "calibrate the threat up and down" in collaboration with its partners.
CISA Cybersecurity Advisory Committee Chair Thomas Fanning and Vice Chair Ron Green are leading efforts on the new advisory system, Easterly said, which is expected to be released in the coming months.
A spokesperson for the agency declined to provide additional information about either program, though Easterly said CISA is currently developing cybersecurity performance goals to help track agency efforts and measure progress. The agency has already received thousands of comments from its partners, she added, and was planning to host 11 listening sessions across the country.
"We are here to render assistance, and then to get information that we can share with our partners while protecting privacy and protecting the victims" of cyberattacks, Easterly said. "We don't want to burden industry and we don't want to burden the federal government with noise, either, as we are working to do what we need to do to keep the ecosystem safe."