Piloting New Ground: Expanding Scalable Cybersecurity Services to Protect the Broader Critical Infrastructure Community


By Eric Goldstein, Executive Assistant Director for Cybersecurity

In recent years, cyber attacks have intensified in both volume and impact–affecting the day-to-day operations of organizations across our nation’s critical infrastructure sectors. When most Americans consider the cyber-physical impact of attacks on critical infrastructure, they may recall when a ransomware attack on Colonial Pipeline’s corporate network led to a disruption of fuel supplies to gas stations along the East Coast. More recently, advanced actors such as Volt Typhoon have demonstrated the intent and technical ability to disrupt our critical infrastructure. These types of cyber attacks have the potential to disrupt critical functions on which we all depend, and in the worst cases, lead to the loss of human life.

In response to this evolving threat environment, CISA is excited to announce a pilot program designed to deliver cutting-edge cybersecurity shared services on a voluntary basis to critical infrastructure entities that are most in need of support. CISA has acted as a managed service provider to the federal civilian government for years and observed significant risk reduction along with the benefits of cost-savings and standardization. Leveraging a new authority provided by Congress, we are eager to extend our support and enterprise cybersecurity expertise with non-federal organizations that require additional assistance to effectively address cybersecurity risks.

Scaling CISA-managed cybersecurity services for the segments of our critical infrastructure community that need it most is a cost-effective way to gain greater insight into our evolving threat environment, establish a common baseline of cyber protection, and, most importantly, reduce the frequency and impact of damaging cyber events.

Last month, CISA began deploying our Protective Domain Name System (DNS) Resolver to pilot participants which, until now, had only been available to federal civilian agencies. It is a proven, cost-effective solution that uses U.S. government and commercial threat intelligence to prevent systems from connecting to known or suspected malicious domains. Since 2022, CISA’s Protective DNS service has successfully blocked nearly 700 million connection attempts from federal agencies to malicious domains across the globe and continues to reduce the risk of the most common cyber risks like ransomware, phishing and malicious redirects. In short, CISA is broadening the use of our highly scalable Protective DNS service to ensure "Target Rich, Resource Poor” critical infrastructure entities have access to some of the same cybersecurity protections which have proven foundational to enterprise risk reduction across the federal government.

Through this pilot program, we are identifying critical infrastructure entities interested in leveraging CISA-provided commercial shared services, stress-testing our service delivery mechanisms, and demonstrating our ability to acquire, deploy, and operate these cybersecurity services at-scale. In alignment with CISA’s ‘Target Rich, Resource Poor’ strategy, our teams are working with critical infrastructure entities in the healthcare, water, and K-12 education sectors in our first phase of deployment. This year, we plan to deliver services to up to 100 entities.

As part of this Cybersecurity Shared Services Pilot program, CISA is hosting roundtables and information sessions with critical infrastructure partners in every region and across all sectors. We want to understand their unique needs and challenges, identify gaps in existing capabilities, assess interest in our shared services, and identify ways CISA can provide more scalable support through shared services or other means. The insights obtained through these discussions and as a result of the Protective DNS pilot will inform our effort to better serve our nation’s critical infrastructure organizations.

As America’s Cyber Defense Agency, we believe the ability to provide cost-effective, highly scalable, and innovative solutions to critical infrastructure entities in need of assistance is vital to our national cyber mission. As the cyber threat environment continues to evolve and the potential impacts on everyday life become more real, the need for collective cyber defense  increases. CISA stands by to support these entities and is prepared to answer the call.

We look forward to expanding the list of participating entities and available shared services throughout the next year. If your organization is interested in participating in the no-cost critical infrastructure pilot commercial shared services program, or know someone who is, please contact a security advisor at a CISA Office in your region.