Cross-Sector Cybersecurity Performance Goals

by Cybersecurity and Infrastructure Security Agency

As the nation’s cyber defense agency, one of CISA’s most important roles is to understand the challenges facing organizations, both large and small, in order to make progress on the shared goal of reducing cyber risk to the critical infrastructure Americans rely on every day. Over the past several years, as our nation has faced unprecedented cyber threats from ransomware to nation-state espionage, we have heard a common refrain from organizations across the spectrum, from the largest multinational corporations to state and local governments, to critical infrastructure entities of all How can we focus investment toward to the most impactful security outcomes? We hear small- and medium-sized hospitals and utilities ask how they can make progress with limited budgets, staffing, and expertise. We hear organizations with mature cyber programs ask what more they can do to prevent attacks from advanced adversaries, manage risks to less mature organizations in their supply chain, and help reduce broader risk to the nation. We hear the global Operational Technology and Industrial Control Systems (OT/ICS) community clamor to be seen and recognized alongside traditional IT security and supported in their essential role of defending our increasingly connected electric grids, hospitals, water facilities, and other critical infrastructure.

28 pages, Paperback

Published December 8, 2022