Strategic Plan

The Cybersecurity and Infrastructure Security Agency’s (CISA) 2023-2025 Strategic Plan is the agency’s first, comprehensive strategic plan since CISA was established in 2018. This is a major milestone for the agency: The CISA Strategic Plan will focus and guide the agency’s efforts over the next three years.

The Strategic Plan builds on the foundation created through the CISA Strategic Intent published in August 2019 to guide the agency’s work and create unity of effort. In our role as the nation’s cyber defense agency and the national coordinator for critical infrastructure security, CISA works with critical infrastructure partners every day to address the evolving threat landscape.  

That approach is reflected in the CISA Strategic Plan, which focuses on how we will collectively reduce risk and build resilience to cyber and physical threats to the nation’s infrastructure. To achieve the outcome of reduced risk and increased resilience, the CISA Strategic Plan describes four ambitious goals. Three of these goals focus on “how” the agency will work to reduce risk and build resilience, while the fourth goal focuses internally to ensure the agency is in a strong position to execute the CISA Strategic Plan, working as One CISA.

With this in mind, the Strategic Plan sets CISA on a path over the next three years to drive change in four key areas:

• First, we will spearhead the national effort to ensure the defense and resilience of cyberspace. Serving as America’s cyber defense agency, we will spearhead the national effort to defend against cyber threat actors that target U.S. critical infrastructure, federal and SLTT governments, the private sector, and the American people. CISA must lean forward in our cyber defense mission toward collaborative, proactive risk reduction. Working with our many partners, it is CISA’s responsibility to help mitigate the most significant cyber risks to the country’s National Critical Functions, both as these risks emerge and before a major incident occurs.
• Second, we will reduce risks to, and strengthen the resilience of, America’s critical infrastructure. Our safety and security depend on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions. CISA coordinates a national effort to secure and protect against critical infrastructure risks. This national effort is centered around identifying which systems and assets are truly critical to the nation, understanding how they are vulnerable, and taking action to manage and reduce risks to them. We serve as a key partner to critical infrastructure owners and operators nationwide to help reduce risks and build their security capacity to withstand new threats and disruptions, whether from cyberattacks or natural hazards and physical threats.
• Third, we will strengthen whole-of-nation operational collaboration and information sharing. At the heart of CISA’s mission is partnership and collaboration. Securing our nation’s cyber and physical infrastructure is a shared responsibility. We are challenging traditional ways of doing business and actively working with our government, industry, academic, and international partners to move toward more forward-leaning, action-oriented collaboration. We are also committed to growing and strengthening our Agency’s regional presence to more effectively deliver the assistance our stakeholders need.
• And fourth, foundational to our success, we will unify as One CISA through integrated functions, capabilities, and workforce. We will succeed because of our people. We are building a culture of excellence based on core values and core principles that prize teamwork and collaboration, innovation, ownership and empowerment, and transparency and trust. As one team unified behind our shared mission, we will “work smart” to operate in an efficient and cost-effective manner.

While the Strategic Plan highlights CISA’s overall measurement approach and representative outcomes for each objective, the agency is developing internal measures of performance and effectiveness to better track progress toward reducing risk and achieving its goals.