Key Takeaways from CISA’s 2023-2025 Strategic Plan and How They Apply to Your Business


A recent U.S. News & World Report article listed some of the more notable data breaches in 2022. It includes household names like Microsoft, Uber, and even the Red Cross. Meanwhile, ransomware attacks continue to skyrocket, with 76 percent of respondents to an Illumio study reporting at least one ransomware attack in the last 24 months. Essentially, no matter the size of your organization, you need to be proactive in making your business more resilient.

That’s why we read the recently released Cybersecurity and Infrastructure Security (CISA) 2023-2025 Strategic Plan, eager to see how the U.S. government intends to fight back against these threats, helping government and private business entities increase their ability to both prevent and bounce back from attacks. Interestingly, you’ll find the word “resilience” appears 30 times in the CISA Strategic Plan.

Important Organizational Attributes and Objectives

In describing the current risk landscape, the plan notes that cyber threat actors use increasingly sophisticated methods to undermine the U.S. economy and democracy, steal intellectual property, and sow discord. CISA also points out that the infrastructures that underpin our National Critical Functions cross multiple increasingly interdependent sectors, with the boundaries between cyber and physical infrastructures becoming blurred. That means a single event can result in losses and degradation of services across multiple industries.

The plan also says that while new and emerging technologies are vital drivers of innovation and opportunity, they can also present unanticipated risks, adding that, in this dynamic risk landscape, CISA must be smart, innovative, and adaptable. CISA also states that its mission is to understand, manage, and reduce risk to our cyber and physical infrastructure. Its vision is to secure a resilient infrastructure for the American people. Each of these attributes and goals should be applied to your business:

Start With Cyber Defenses

CISA lists two primary goals in the plan that you can directly apply to your business. The first states that CISA’s role is to “spearhead the national effort to ensure the defense and resilience of cyberspace.” Each of the objectives supporting this goal is key to achieving resilience for your business and your data. We’ll paraphrase them here so you can apply them to your business.

  • Enhance the ability of your systems to withstand cyberattacks and incidents.
  • Increase your ability to actively detect cyber threats targeting your infrastructures and critical networks.
  • Drive the disclosure and mitigation of critical cyber vulnerabilities.
  • Advance your cyberspace ecosystem to drive security by default.

Reduce Risks and Strengthen Resilience

CISA’s second primary goal is risk reduction and strengthening the resilience of America’s critical infrastructure. Again, we’ll paraphrase this goal’s supporting objectives as they apply to your business.

  • Expand your visibility into risks to your infrastructure, systems, and networks.
  • Advance your analytic capabilities and methodologies.
  • Enhance your security and risk mitigation.
  • Build greater stakeholder capacity in infrastructure and network security and resilience.
  • Increase your ability to respond to threats and incidents.
  • Support risk management activities.

Unify Your Team

CISA also offers two more goals that apply in a broader sense: operational collaboration and agency unification. While these are aimed at a nationwide audience, they can also be applied to your business. Better collaboration between the executive, IT, and employee teams can significantly improve your ability to prevent and recover from disasters. And executive buy-in ensures IT teams have the budget to put proper prevention and recovery capabilities in place.

Track Known Exploited Vulnerabilities

Moving on from the CISA strategic plan, the agency's “Known Exploited Vulnerabilities Catalog is another essential service. This is where you’ll find a complete list of these vulnerabilities, descriptions, and references to advisories, solutions, and tools for each.

Data Resilience: Prevention Plus Recovery

Addressing the onslaught of cyberattacks and ransomware attacks also means preparing for any disaster. Arcserve UDP delivers on both counts, offering unified data protection that safeguards your data with Sophos Intercept X Advanced for Servers that uniquely combines deep-learning server protection, immutable storage, and scalable onsite and offsite business continuity.

Arcserve UDP proactively responds to protect your backups from ransomware and other attack vectors. It includes Assured Recovery to help you comply with SLAs, company regulations, and other requirements and even protects Microsoft 365 workloads on-premises. Arcserve UDP also lets you restore your data faster with instant virtual machine (VM), local and remote virtual standby, and other restore options. Most importantly, Arcserve UDP offers immutable storage for your backups in the cloud via Amazon S3 Object Lock or on-premises with Arcserve OneXafe.

Get Help Getting More Resilient

Arcserve’s expert technology partners can help you enhance your overall resilience with data protection, backup, and disaster recovery solutions designed to meet your specific needs. To learn more about Arcserve data resilience solutions, check out our free demos on demand.

You May Also Like