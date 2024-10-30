The US Cybersecurity and Infrastructure Security Agency (CISA) has published its first ever international strategic plan, designed to boost international cooperation in combatting cyber threats to critical infrastructure.

The plan acknowledges the complex and geographically dispersed nature of cyber risks, and the need for threat information and risk reduction advice to be shared rapidly with international partners.

CISA Director Jen Easterly commented: “In following this plan, CISA will improve coordination with our partners and strengthen international relationships to reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day.”

The 2025-2026 International Strategic Plan supports the agency’s first Strategic Plan, which was released in August 2023.

CISA International Strategic Plan Goals

The new plan sets out three goals for CISA to achieve over the 2025-2026 period. These are:

Goal 1: Bolster the Resilience of Foreign Infrastructure on which the US Depends

CISA will work with interagency and international partners to identify and understand which international systems and assets are truly critical to the nation’s critical infrastructure and assess how they are vulnerable to create strategies to manage shared risks.

It will also look to expand visibility into internationally shared threats and systemic risks by improving communications with external partners in areas like incident reporting and threat and vulnerability information.

In addition, CISA will work with partners to shape global regulations and guidelines to strengthen the cyber resilience of critical infrastructure, such as emerging technology, chemical security, emergency communications and school safety.

Goal 2: Strengthen Integrated Cyber Defense

CISA said it will work with partners, international organizations, and non-governmental organizations to influence global cybersecurity practices and standards that promulgate cyber safety and security at scale.

This includes defining and advancing responsible state behavior in cyberspace and steering partners towards adopting secure by design principles.

The agency also aims to increase and mature its network trusted partners through bilateral and multilateral Computer Security Incident Response Team (CSIRT)-CSIRT engagements. These partnerships will enable the exchange of actionable operational information, including product sharing, vulnerability alerts, victim notifications, tactics, techniques and procedures.

CISA will also help external partners develop their capabilities to detect threats, assess potential impacts, and receive and exchange real-time risk reduction actions that increase collective security and resilience. This includes providing training, exercises, and information sharing capabilities.

Goal 3: Unify Agency Coordination of International Activities

The CISA Stakeholder Engagement Division (SED) will establish a governance structure to advise on international matters and provide a clear articulation of the agency’s international priorities.

This goal will require improving systematic information sharing across CISA to provide the agency with situational awareness of current and projected international activities.

Additionally, efforts will be made to upskill CISA’s workforce to enable it to influence the international system. This includes the development of training for employees who will deploy overseas and the provision of international affairs etiquette guidance to all these travellers.