A year of growth and transition as America’s Cyber Defense Agency and National Coordinator for Critical Infrastructure Security and Resilience
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2024 Year in Review, which reflects accomplishments across the agency’s broad cybersecurity, infrastructure security and emergency communications missions.
“I’m proud of what we’ve accomplished this year,” said CISA Director Jen Easterly. “The risk environment continues to change, and CISA continues to grow and rise to the occasion. It’s been a great honor to lead CISA the past three and a half years. I’d like to thank our incredible staff as well as our government, private sector, and international partners for helping us build resilience, reduce risk, and make our country more secure.”
Throughout the year, CISA focused on leading the national effort to reduce risk to the cyber and physical infrastructure Americans rely on every day and working collaboratively to win and maintain the trust of the agency’s many partners across industry, state and local officials, and the election stakeholder community.
Just a few of CISA’s efforts over the year include:
- Protecting Election Infrastructure against Security Risks. This year, thanks to the tireless efforts of the nation’s state and local election officials, our elections were secure and resilient. Since the election infrastructure subsector was designated essential in 2017, CISA has worked extensively with election officials, election technology and service providers, and federal partners across the nation to offer threat briefings and voluntary risk mitigation guidance to support the election infrastructure community’s efforts to manage risks to their systems and infrastructure. This continued work across all levels of government resulted in election infrastructure that has helped increase election security and resilience and strengthen the election community’s ability to deliver safe, secure, free, and fair elections for the American people and a peaceful transfer of power.
- Mitigating Nation-State Threats. Advanced Persistent Threat (APT) actors—particularly those backed by the governments of China, Russia, North Korea, and Iran—are well-resourced and engage in sophisticated malicious cyber activity that is targeted and aimed at prolonged network and system intrusion. Over the past year, CISA continued to focus on detecting, preventing and mitigating these threats; advanced scalable vulnerability reduction for government and critical infrastructure; and increased awareness, preparedness, and resilience focused on threats and tactics.
- Raising Awareness of Secure by Design Principles. This year, CISA made meaningful progress to ensure safer and more secure technology products for everyone. This included updating foundational guidance and expanding international partnership on this issue. In May, CISA announced that leading technology companies committed to our Secure by Design Pledge, prioritizing security in their products from the outset. This initiative marks a significant milestone as companies take public responsibility for their customers’ security, and aim to prevent exploitable defects in the design process. To date, more than 250 companies have signed on to the pledge, including some of the largest tech giants in the world.
- Working to Harness AI’s Potential, Manage its Risks. In our role as the nation’s cyber defense agency and the National Coordinator for security and resilience for critical infrastructure, CISA is managing the opportunities and risks that AI introduces at the nexus of cybersecurity and critical infrastructure. Since releasing CISA’s Roadmap for AI in late 2023, we have hit several major milestones, including completing our first set of annual AI risk assessments for critical infrastructure sectors in January. In August, CISA established the role of Chief AI Officer, institutionalizing our efforts to use AI for cybersecurity and help ensure critical infrastructure partners design, develop, and adopt AI in ways that are safe and secure. CISA joined interagency partners to serve as a founding member of the Testing Risks of AI for National Security (TRAINS) taskforce, focused on testing advanced AI models across national security domains.
The 2024 Year in Review is in an easy-to-use, interactive web-based format that invites readers to learn about the agency’s work over the past year and dive deeper into each topic through links and videos.
Read the full report at 2024 Year in Review | CISA
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.