WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its fourth annual Year in Review showcasing CISA’s work to protect the nation from cyber and physical threats, while working to increase the resilience of critical infrastructure Americans rely on every day. The 2023 Year in Review reflects on the agency’s accomplishments across its broad cybersecurity, infrastructure security and emergency communications missions as the nation and the world adapted to technological advances, spillover from international events and other major events. In 2024, CISA will continue to develop and deliver tools, training, technical expertise and other resources to help our critical infrastructure partners increase their own resilience and defenses against evolving risks.
“This Year in Review report demonstrates CISA’s exceptional work in 2023 to protect critical infrastructure,” said CISA Director Jen Easterly. “It not only celebrates our progress from the past year but also spotlights groundbreaking milestones and pioneering ‘firsts’ achieved by the agency. These efforts are a testament to and reflect the dedication of CISA’s workforce. Because of their commitment to the mission, the critical infrastructure systems that Americans rely on every day are more secure and resilient than ever.”
In 2023, the CISA accomplishments included:
- Promoting Secure by Design Principles. As part of an Administration-wide push to promote secure software development, CISA launched its Secure by Design campaign in April 2023. This effort strives for a future where technology is safe, secure and resilient by design by encouraging software manufacturers to take ownership of customer security outcomes. In October 2023, CISA and 17 U.S. and international partners published an update to a joint Secure by Design white paper on “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.” Originally released April 13, 2023, this paper urges software manufacturers to revamp their design and development programs to produce only secure by design products. It also emphasizes three core principles: 1.) Take ownership of customer security outcomes, 2.) Embrace radical transparency and accountability, and 3.) Lead from the top.
- Leading on Artificial Intelligence. CISA published its first Roadmap for Artificial Intelligence (AI) in November 2023, adding to the significant U.S. Department of Homeland Security and broader whole-of-government effort to ensure the secure development and implementation of AI capabilities. This Roadmap outlines a whole-of-agency plan to assess possible cyber-related risks to the use of AI, provide guidance to the critical infrastructure sectors that Americans rely on every hour of every day, and capitalize on AI’s potential to improve U.S. cyber defenses.
- Reducing the Risk of Ransomware. In March 2023, CISA launched the Pre-Ransomware Notification Initiative, which measurably reduces risk by warning organizations of early-stage ransomware activity. Since the Initiative’s launch, the agency conducted more than 1,000 pre-ransomware notifications across a variety of critical infrastructure sectors and to partners abroad.
- Encouraging Cyber Hygiene. In September 2023, CISA launched its Secure Our World program. Secure Our World is a new and enduring cybersecurity awareness program that emphasizes four simple cyber hygiene steps everyone should implement and continuously improve upon: 1.) Use Strong Passwords and a Password Manager, 2.) Turn On Multifactor Authentication, 3.) Recognize and Report Phishing, and 4.) Update Software. The campaign featured CISA’s first-ever public service announcement (PSA) and garnered significant public attention though outreach efforts including television, radio and billboard ads, podcasts, media coverage, social media and beyond.
- Supporting Critical Infrastructure. CISA enhanced its engagement with “target rich, resource poor” organizations, including the Water and Wastewater Sector, K-12 Education Subsector, Healthcare and Public Health Sector and the Election Security Sector. In 2023, CISA completed more than 6,700 stakeholder engagements with government and private sector participants to share threat information and promote its cybersecurity services.
- Enhancing Emergency Communications. In 2023, CISA accumulated new subscribers to CISA’s Priority Telecommunication Services (PTS) program which enables essential personnel to communicate when landline or wireless networks become degraded, congested or otherwise unavailable. The PTS program covers wireline communications under Government Emergency Telecommunications Service (GETS), wireless voice communications under Wireless Priority Service (WPS), and priority repair and installation of critical voice and data circuits under Telecommunications Service Priority (TSP). In 2023, GETS added 51,023 new subscribers, thanks in large part to focused outreach during the second annual Emergency Communications Month in April. In addition, WPS users increased by 283,357 subscribers. TSP also added restoration priority to 18,307 new circuits that support national security emergency preparedness missions.
- Providing Resources to State and Local Governments. In 2023, CISA and the Federal Emergency Management Agency (FEMA) jointly implemented the State and Local Cybersecurity Grant Program (SLCGP). The SLCGP is a first-of-its-kind cybersecurity grant program specifically for state, local and territorial governments across the country. In September 2023, CISA and FEMA announced the of Notice of Funding Opportunity for the Tribal Cybersecurity Grant Program, allocating $18.2 million to bolster cybersecurity among federally-recognized tribes.
- Strengthening Regional Election Security Support. In 2023, CISA established dedicated election security advisors (ESAs) in each of its 10 regions to provide support and resources to promote secure elections. These ESAs work directly for CISA’s Regional Directors and with the agency’s cybersecurity and protective security advisors to ensure CISA’s capabilities and services are being optimally employed to meet the unique needs of each state or locality.
- Improving Security for Chemical Facilities. CISA celebrated the second anniversary of its ChemLock voluntary program in November 2023. This program provides facilities possessing dangerous chemicals with tailored, scalable, no-cost services and tools to improve their chemical cyber and physical security posture.
This digitally interactive 2023 Year in Review takes on a new look and feel, providing the reader with a brief snapshot of CISA’s accomplishments while linking back to corresponding CISA.gov webpages for a deeper dive into its programs and initiatives.
Read the full Year in Review to learn more about CISA’s accomplishments and success stories from 2023.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.