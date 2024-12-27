The past year marked a year of “growth and transition” for the US Cybersecurity and Infrastructure Security Agency (CISA), according to its departing Director, Jen Easterly.

In the foreword of the Agency’s 2024 Year in Review, Easterly’s final report before she steps down in January, she highlighted how CISA has focused on “working collaboratively to win and maintain the trust of our myriad partners, including industry, state and local officials and the election stakeholder community.”

This focus is evident in the review, which details numerous ongoing and new initiatives to strengthen collaboration between CISA and its industry partners.

CISA’s 2024 Achievements in Numbers

One example of this enhanced collaboration with industry partners is CISA’s Pre-Ransomware Notification Initiative (PRNI). While the initiative was launched in March 2023, it took off in 2024, with 2131 pre-ransomware notifications sent by CISA that year alone. A total of 3368 have been issued since the beginning of the program.

"These notifications include those sent to hundreds of K-12 school districts; state, local, tribal and territorial government entities; healthcare organizations and hospitals; and other critical infrastructure,” said the review.

In 2024, the Agency’s achievements through various other initiatives include:

Mitigating over 1200 vulnerable devices

Blocking 1.26 billion malicious connections targeting federal agencies

Remediating over 861 vulnerabilities

Producing 427 vulnerability advisories

Coordinating 845 vulnerability disclosures

Contributing to over 45 capacity development engagements with more than 15 partner nations and over 150 international participants using over $400k in interagency funds

Additionally, CISA released almost 1300 cyber defense alerts, advisories, and products, including 58 joint-sealed cybersecurity advisories and co-sealed products through the Joint Cyber Defense Collaborative (JCDC).

The Agency also helped improve cyber reporting by releasing an enhanced voluntary cyber incident reporting resource and publishing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Notice of Proposed Rulemaking (NPRM), which contains CISA’s proposed regulations for implementing the CIRCIA regulatory program.

In 2024, CISA has increased its efforts to strengthen what it calls “target rich, cyber poor” sectors, including water and wastewater management, healthcare and education.

This effort translated into various initiatives in collaboration with the US Environmental Protection Agency (EPA), the K-12 community and the US Department of Health and Human Services (HHS).

Secure by Design and Cyber Storm Live Drills

Like PRNI, CISA’s Secure by Design program, which includes pledging to increase usage of multifactor authentication (MFA), reduce vulnerabilities and increase installation of security patches, started in 2023.