CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

The past year was one of “growth and transition” for the US Cybersecurity and Infrastructure Security Agency (CISA), according to its departing Director, Jen Easterly.

In the foreword of the Agency’s 2024 Year in Review, Easterly’s final report before she steps down in January, she highlighted how CISA has focused on “working collaboratively to win and maintain the trust of our myriad partners, including industry, state and local officials and the election stakeholder community.”

This focus is evident in the review, which details numerous ongoing and new initiatives to strengthen collaboration between CISA and its industry partners.

CISA’s 2024 Achievements in Numbers

One example of this enhanced collaboration with industry partners is CISA’s Pre-Ransomware Notification Initiative (PRNI). While the initiative was launched in March 2023, it took off in 2024, with 2131 pre-ransomware notifications sent by CISA that year alone. A total of 3368 have been issued since the beginning of the program.

“These notifications include those sent to hundreds of K-12 school districts; state, local, tribal and territorial government entities; healthcare organizations and hospitals; and other critical infrastructure,” said the review.

In 2024, the Agency’s achievements through various other initiatives include:

  • Mitigating over 1200 vulnerable devices
  • Blocking 1.26 billion malicious connections targeting federal agencies
  • Remediating over 861 vulnerabilities
  • Producing 427 vulnerability advisories
  • Coordinating 845 vulnerability disclosures
  • Contributing to over 45 capacity development engagements with more than 15 partner nations and over 150 international participants using over $400k in interagency funds

Additionally, CISA released almost 1300 cyber defense alerts, advisories, and products, including 58 joint-sealed cybersecurity advisories and co-sealed products through the Joint Cyber Defense Collaborative (JCDC).

The Agency also helped improve cyber reporting by releasing an enhanced voluntary cyber incident reporting resource and publishing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Notice of Proposed Rulemaking (NPRM), which contains CISA’s proposed regulations for implementing the CIRCIA regulatory program.

In 2024, CISA increased its efforts to strengthen what it calls “target rich, cyber poor” sectors, including water and wastewater management, healthcare and education.

This effort translated into various initiatives in collaboration with the US Environmental Protection Agency (EPA), the K-12 community and the US Department of Health and Human Services (HHS).

Secure by Design and Cyber Storm Live Drills

Like PRNI, CISA’s Secure by Design program, which includes pledging to increase usage of multifactor authentication (MFA), reduce vulnerabilities and increase installation of security patches, started in 2023.

Source: US Cybersecurity and Infrastructure Security Agency

The initiative expanded in 2024, with efforts including:

  • Reaching 250 software manufacturers to commit to the Secure by Design Pledge
  • Getting the NSA, the FBI and 14 international partners to recommend the pledge as a roadmap for software manufacturers to ensure the security of their products
  • Publishing updated guidance emphasizing three core principles: taking ownership of customer security outcomes, embracing radical transparency and accountability, and leading from the top
  • Providing actionable recommendations to technology manufacturers and guidance on adopting memory safety roadmaps
  • Releasing the Secure by Design guide for those purchasing software. This guide lists questions customers can ask of their vendors and discusses why each security element matters to their organization.

CISA said in its 2024 Year in Review that it will now “explore how educational communities can incorporate security into computer science and coding programs to build a future workforce that prioritizes secure design; and gain insight into the economic forces impacting software security to better understand and address the root causes of vulnerabilities.”

Another significant CISA achievement in 2024 is its Cyber Storm exercise series, which aims to help government and industry partners prepare for significant cyber incidents, including nation-state-sponsored activity.

CISA’s Cyber Storm IX occurred over three days in April 2024, with a scenario that drew from the type of cybersecurity threats posed by nation-states and included cloud-based vulnerabilities impacting critical infrastructure, focusing on food and agriculture.

The exercise drew over 2200 participants from 35 federal agencies, 13 states, over 100 private companies representing 12 critical infrastructure sectors and 11 partner nations.

This was just one of many ways CISA is helping US organizations prepare to defend against advanced persistent threat (APT) actors. Most of the Agency’s 2024 focus was on Chinese threat actors, which the US government said are the most active and persistent cyber threat to the US public and private sectors.

Securing the Election

Another key CISA focus in 2024 was securing the November US Elections.

As election infrastructure has been part of US critical infrastructure since 2017, CISA must help ensure its security and resilience. The Agency’s work involves many security procedures, including providing security training, helping strengthen the security posture and hygiene of organizations involved in the election, and auditing IT systems.

CISA also launched the #Protect2024 portal at the start of 2024. This webpage was the central hub for CISA’s election security guidance products and public releases.

Since its launch, the #Protect2024 site has amassed over 235,000 views and served as the release site for 17 new security guidance products. The website also housed the release of six joint public statements by CISA, FBI and the Office of the Director of National Intelligence (ODNI) on foreign government activity targeting our election infrastructure. 

CISA’s Director Easterly and other members of the Agency’s leadership team have also maintained an online presence throughout the year to communicate about initiatives conducted by CISA and the US Government to secure election infrastructure.

Looking to 2025 and Beyond

On October 29, CISA released its first International Strategic Plan. This strategy aims to improve CISA’s coordination with its partners, advance international relationships to strengthen the security and resilience of critical infrastructure and focus and guide the Agency’s international initiatives through 2026.

One of the areas in which the Agency believes it needs the most collaboration is securing AI systems.

After establishing the role of Chief AI Officer in August and joining the Testing Risks of AI for National Security (TRAINS) taskforce in November, CISA said it will “continue to explore partnerships with international partners, especially Australia, Canada, New Zealand, and the UK, for red teaming guidelines, best practices, and collaboration models for joint AI red teaming exercises.”

In her closing remarks, Easterly said that the government, industry, academia and international partners should strengthen collaboration, especially in sharing information and implementing appropriate measures to protect critical infrastructure. 

“We are excited to see how CISA evolves as it continues its mission in 2025 under new leadership. We have created a foundation that is strong and capable of meeting the threats we know will only intensify over the coming year, while also maintaining a flexible, innovative mindset so we can adapt to a changing geopolitical and technological environment as the coming years bring new challenges and opportunities,” she added.
