2CISA CYBERSECURITY STRATEGIC PLAN
To this end, our Cybersecurity Strategic Plan outlines three enduring goals:
GOAL 1: ADDRESS IMMEDIATE THREATS. We will make it increasingly difcult for our
adversaries to achieve their goals by targeting American and allied networks. We will work with
partners to gain visibility into the breadth of intrusions targeting our country, enable the
disruption of threat actor campaigns, ensure that adversaries are rapidly evicted when intrusions
occur, and accelerate mitigation of exploitable conditions that adversaries recurringly exploit.
GOAL 2: HARDEN THE TERRAIN. We will catalyze, support, and measure adoption of
strong practices for security and resilience that measurably reduce the likelihood of damaging
intrusions. We will provide actionable and usable guidance and direction that helps organizations
prioritize the most effective security investments rst and leverage scalable assessments to
evaluate progress by organizations, critical infrastructure sectors, and the nation.
GOAL 3: DRIVE SECURITY AT SCALE. We will drive prioritization of cybersecurity as a
fundamental safety issue and ask more of technology providers to build security into products
throughout their lifecycle, ship products with secure defaults, and foster radical transparency
into their security practices so that customers clearly understand the risks they are accepting by
using each product. Even as we confront the challenge of unsafe technology products, we must
ensure that the future is more secure than the present — including by looking ahead to reduce
the risks and fully leverage the benets posed by articial intelligence and the advance of
quantum-relevant computing. Recognizing that a secure future is dependent rst on our people,
we will do our part to build a national cybersecurity workforce that can address the threats of
tomorrow and reects the diversity of our country.
As we progress toward these goals, we must embody the hacker spirit, thinking creatively and
innovating in every aspect of our work. The ongoing work of CISA’s workforce—our threat hunters,
vulnerability analysts, operational planners, regionally deployed cybersecurity advisors, and
others—epitomize this collaborative spirit.
Each day, our team members work shoulder to shoulder with the cybersecurity community to
address our most pressing cyber risks. We know we cannot achieve lasting security without
close, persistent collaboration among government, industry, security researchers, the
international community, and others. Even as we are accountable for national cybersecurity, we
must align accountability across the ecosystem, such that cybersecurity is considered a
foundational business risk at every organization and technology manufacturers prioritize product
safety. Cyber incidents have caused too much harm to too many American organizations.
Working together, we can change this course. Working together, we can create a new model. We
know the path and we’ve collectively begun the right steps. Now is the time to focus, prioritize,
and accelerate — recognizing that our adversaries are not going to wait.