When the Cybersecurity and Infrastructure Security Agency unveiled its Cybersecurity Strategic Plan 2024-26, I was skeptical.
The title initially seemed like just another document following in the footsteps of and reinforcing the Biden administration’s National Cybersecurity Strategy and its subsequent National Cybersecurity Strategy Implementation Plan -- both of which were very broad initiatives with clear room for improvement.
Upon closer examination, a number of the objectives to meet the goals in this new Cybersecurity Strategic Plan from CISA contain a degree of specificity that many cybersecurity professionals have found lacking in earlier cyber strategy documents. These objectives commit CISA to partnering with the private sector to achieve some real and vital results in order to protect America’s critical infrastructure.
One goal of the plan is to “Address Immediate Threats” by making it “increasingly difficult for our adversaries to achieve their goals by targeting American and allied networks.”
To do this, CISA says it will “work with partners to gain visibility into the breadth of intrusions targeting our country, enable the disruption of threat actor campaigns, ensure that adversaries are rapidly evicted when intrusions occur, and accelerate mitigation of exploitable conditions that adversaries recurringly exploit.”
Previous strategies and implementation plans were aspirational in nature and left out key elements or objectives that would attain the goals of the strategy. It is heartening to see specifics that delve a little deeper and shift the focus to a more aggressive posture that is intelligence-driven instead of reactionary.
For example, the plan seeks to “increase visibility into, and ability to mitigate, cybersecurity threats and campaigns…(and) coordinate disclosure of, hunt for, and drive mitigation of critical and exploitable vulnerabilities.”
Focusing forward and extending the defensive perimeter to intercept malicious activity is key to enabling this strategy. Like all contested endeavors, the balance of power tips to the one that gains the initiative. With the advances of AI and high-speed computing, it is possible for the U.S. to seize the initiative and identify and mitigate malicious activity external to organizational enclaves. If CISA is able to operationalize its strategy and leverage the totality of what is available, then it is possible to take away the significant time advantage that adversaries currently enjoy and mitigate threats offshore.
Private sector capabilities
The capabilities of the private sector can help CISA achieve these objectives. Best-in-class commercial products can produce relevant and actionable information to help disrupt and mitigate threats, and are being adopted by industry today. Private sector cyber analytic capabilities can help uncover adversary actions at speed and thus rapidly provide that intelligence to the communities of interest and designated covered entities.
More specifically, these innovative products already produce positive attribution of harmful events of concern in operational technology, information technology, and internet of things (IoT). This is done by producing information in near real-time on geographic location, the infrastructure used, historical malicious cyber activity, malware attributes and the illumination of the totality of the hacker ecosystem to better protect covered entities now and in the future.
These capabilities and resultant intelligence, or “clear, actionable guidance” as specified in the plan’s objectives, can also help CISA’s push for the U.S. to “increase the costs borne by transgressors and increase friction for malicious activities by leading a national effort defined by speed and scale: when an adversary compromises an American network, they are rapidly detected and evicted before damage occurs; when an exploitable condition manifests, it is similarly detected and remediated before an intrusion takes place.”
Overall, CISA’s Cybersecurity Strategic Plan improves upon previous guidelines to outline specific steps towards securing America’s critical infrastructure. By fostering public-private collaboration and extending the defensive perimeter, the federal government can make intelligence-driven decisions and enhance our overall cyber posture. CISA has laid out specific, actionable goals to achieve impactful results, and now needs to work with the private sector to secure such outcomes.
Col. Stephen P. Corcoran (USMC, ret.) is Chief of Cyber Strategy at Telos Corp. an information technology and cybersecurity company located in Ashburn, Va.