The Cybersecurity and Infrastructure Security Agency is growing in size and plans to spend more tax dollars in its effort to coordinate a broad response to digital threats across government and the private sector.
CISA operates a nearly $2.9 billion budget, with 2,800 employees and plans to hire 600 additional staff members, Jen Easterly, director of the agency, said in a blog post published Thursday in tandem with CISA’s year in review.
The agency is unique and without parallels in federal government. CISA is a coordinating agency that reaches across government and business to strengthen cyber defense and response, albeit with some restraints that effectively limit its power.
“We’re not a law enforcement agency, nor an intelligence agency, nor a military organization, nor a regulator in the traditional sense,” Easterly said.
CISA relies on cooperation and trust with partners inside and outside the government to improve their respective security and resilience, she said.
“We recognize that trust can only be built with transparency, humility and open communication,” Easterly said. “People simply don’t trust institutions; they trust people.”
The agency highlighted multiple accomplishments in its review of last year, including:
- The long-awaited release of cybersecurity performance goals to establish baseline measures for businesses and critical infrastructure organizations. The 37 voluntary goals are a “floor, not a ceiling” for reducing cyber risk, and offer a roadmap for under-resourced organizations.
- A formal request for public input on new incident reporting mandates under the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
- Triaged 37,875 cyber incident reports and acted on 2,609 incidents requiring its assistance. During that period, it facilitated 713 coordinated vulnerability disclosure cases and produced 416 vulnerability advisories.
- The Cyber Safety Review Board was established and released its inaugural post-mortem incident report on Log4j. The board’s next report will examine the Lapsus$ ransomware gang.
- New technologies deployed across nearly 50 federal agencies to increase visibility into threats and incidents targeting federal networks.
- The Joint Cybersecurity Defense Collaborative expanded in April 2022 to include industrial control systems security vendors, integrators and distributors.
- The opening of its first-ever Attache Office in London.
“We’ve overcome obstacles to meet the demands of our mission, and we’ve grown significantly each year in capability and capacity, collaborating with our myriad of partners to reduce risk to the cyber and physical infrastructure Americans rely on every hour of every day,” Easterly said.