DHS and CISA Announce Cybersecurity Awareness Month 2025
WASHINGTON – Today, the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) announced the official beginning of Cybersecurity Awareness Month 2025. This national campaign, administered by CISA, will give partner agencies and the private sector the tools, support, and information they need to secure the vital services fundamental to our civilization: water, power, communications, food, finance, and more. This year’s theme is Building a Cyber Strong America, as CISA gets back on mission to be the nation’s leading cybersecurity agency.
This campaign engages with all levels of government and businesses big and small. It calls on everyone – state, local, tribal and territorial (SLTT) governments, small and medium businesses, and entities involved in our supply chains – to take cybersecurity into their own hands to secure the Homeland in a world of constantly-evolving threats.
“Cybersecurity is a critical theater in defending our homeland,” said Homeland Security Secretary Kristi Noem. “Every day, bad actors are trying to steal information, sabotage critical infrastructure, and use cyberspace to exploit American citizens. Taking down these threats requires a strong private-public partnership, and the reforms we’ve implemented at CISA have empowered them to work with all of our partners to take down these threats and make America cyber secure again. This Cybersecurity Awareness Month is the time for us to continue our efforts to build a cyber strong America.”
Cyber threats never take a day off. CISA and DHS urge every citizen, government entity, and business to remain vigilant and work to neutralize cyber threats before they cause damage.
“Critical infrastructure – whether in the hands of state and local entities, private businesses, or supply chain partners – is the backbone of our daily lives,” said Acting CISA Director Madhu Gottumukkala. “Whenever it’s disrupted, the effects ripple through communities across America. That’s why this year CISA is prioritizing the security and resilience of small and medium businesses, and state, local, tribal, and territorial government (SLTT) that facilitate the systems and services sustain us every day. This includes things like clean water, secure transportation, quality healthcare, secure financial transactions, rapid communications, and more. Together, we must make resilience routine so America stays safe, strong, and secure.”
Below are some cybersecurity best practices that you can adopt, right now, to help keep yourself and America safe:
- Recognize and report phishing: Stop scams before they spread.
- Require strong passwords: Long, random, unique passwords protect accounts.
- Turn on multifactor authentication (MFA): Add a vital layer of defense.
- Update software: Patch known vulnerabilities before attackers exploit them.
Additionally, you can take easy steps to boost your organization’s resilience.
- Enable system logging on your systems: Detect suspicious activity.
- Back up data: Speed recovery when incidents occur.
- Encrypt sensitive information: Render stolen data useless by keeping it locked and unreadable. Make encryption part of your security strategy.
This October, DHS and CISA are calling on every sector in the nation to join the mission: Building a Cyber Strong America starts with you.
For resources, toolkits, and practical guidance visit cisa.gov/cybersecurity-awareness-month
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.