CISA Review 2022 Accomplishments

The Cybersecurity and Infrastructure Security Agency (CISA) reviewed its 2022 highlights in a new report. The four-year-old agency oversees the effort to keep the nation’s cyber and physical infrastructure safe and to reduce current and future risks whether they be from cyberattacks, natural disasters, mass shootings, chemical spills and more. Critical to its mission is collaboration with federal and state partners as well as non-profits, academia, and the research community.

“2022 has been an especially productive year for our team and our partnerships and we look forward to continuing this momentum into 2023,” said CISA Director Jen Easterly.

The report broke CISA’s highlights into four goal areas that were outlined in the agency’s 2023-2025 Strategic Plan: Cyber Defense, Risk Reduction and Resilience, Operational Collaboration and Agency Unification.

Cyber Defense

CISA plays a critical role in defending the nation’s cyber networks from attacks. It’s also on the frontline of responding to cyber incidents should one occur.

This year CISA says it accomplished a number of cyber defense related goals including:

·         Releasing cross-sector Cybersecurity Performance Goals (CPG) to elevate cybersecurity across all critical infrastructure sectors. The CPG’s lay out “highly impactful actions organizations can take to mitigate many common threats to critical infrastructure Information Technology (IT) and Operational Technology (OT) environments.”

·         Developing and deploying new technologies across nearly 50 federal agencies that provide “unsurpassed level of visibility into threats and incidents targeting federal networks.”

·         Expanding the Joint Cyber Defense Collaborative (JCDC), which brings together government and private sector partners. JCDC exercise a plan to guard against Russian cyber attacks, especially after Russia’s invasion of Ukraine.

·         JCDC also worked with partners once the Log4Shell vulnerability in Apache Log4j software was discovered. The software is used in commercial applications and JCDC worked with international partners to release a cybersecurity advisory and recommend mitigations.

Risk Reduction and Resilience

One of CISA’s priorities is to proactively reduce the risk to infrastructure and systems while also building capacity to protect against risks.

2022 Highlights include:

·         Collaborating with the Federal Emergency Management Agency (FEMA) on a State and Local Cybersecurity Grant program to help underfunded state and local governments build cyber resiliency.

·         Holding the biennial Cyber Storm exercise, where the public and private sectors came together to simulate response to a major cyber incident.

·         Holding the inaugural national summit on K-12 school safety, which brought together federal, state and local school leaders to share recommendations on promoting safe learning environments in schools.

·         Launching a voluntary chemical security initiative called ChemLock to provide facilities that house dangerous chemicals with tools to improve their security.

Operational Collaboration

CISA cites the following accomplishments in collaboration as the agency notes that “securing our nation’s cyber and physical infrastructure is a shared responsibility”:

·         Opening its first Attaché office in London. Cooperation was also formalized with international partners including the United Kingdom, Australia, Israel and others.

·         Domestically, CISA’s ten regional offices supported 194 incidents and 197 special events this past year.

·         CISA received initial funding within the FY22 appropriation for a new program that will ensure that Next Generation 911 systems align with National Institute of Standards and Technology (NIST) cybersecurity standards.

·         Captured and shared lessons from weather and other related incidents.

·         Worked all 50 states, the District of Columbia and U.S. territories to secure the 2022 election.

Agency Unification

CISA dedicated the final section of its report to discuss building and improving its workforce culture. That included:

·         Launching a three-phase “culture sprint” focusing on improving “psychological safety” and fostering an environment where employees can be their true selves at work.

·         Declaring 2022 the year of mental health and well-being, as workers began turning the page on the Covid-19 pandemic.

As for 2023, the agency says it looks forward to a more streamlined internal procurement process, after Congress funded positions to start a contracting office at the agency.

Director Easterly also wrote about hiring, saying the agency is hiring toward a goal of over 3,400 full-time positions. CISA gained 400 of those in the past year’s budget. In FY 2020, the agency had just 267 full-time employees.

“It’s been a wild ride, but an incredible one, and every year we’ve matured, we’ve received new authorities and new responsibilities, while bringing in top-tier talent to confront a dynamic and increasingly complex threat landscape,” said Director Easterly.