The Cybersecurity and Infrastructure Security Agency (CISA), operating under the United States Department of Homeland Security (DHS), serves as a pivotal entity responsible for fortifying cybersecurity measures and safeguarding critical infrastructure at all levels of governance. Initially established as the DHS National Protection and Programs Directorate in 2007, CISA’s mandate expanded significantly with the enactment of the Cybersecurity and Infrastructure Security Agency Act of 2018. This legislation broadened CISA’s scope to include pivotal roles in ensuring the security of national elections and the census, orchestrating responses to National Special Security Events, and addressing emergent challenges such as the COVID-19 Pandemic. Additionally, CISA has been instrumental in initiatives concerning 5G network security, enhancing resilience against electromagnetic pulses (EMPs) in the national power grid, and spearheading the national counter-IED effort through the Office for Bombing Prevention. Currently headquartered in Arlington, Virginia, CISA is poised to relocate its operations, along with its workforce of 6,500 employees, to a state-of-the-art facility on the consolidated DHS St. Elizabeths campus headquarters, slated for completion in 2025.

Transforming Homeland Security: The Evolution of CISA

In 2007, the National Protection and Programs Directorate (NPPD) was established under the United States Department of Homeland Security (DHS) with a mission to bolster national security by mitigating threats to critical physical and cyber infrastructure. However, the landscape shifted significantly with the enactment of the Cybersecurity and Infrastructure Security Agency Act of 2018, signed into law by President Trump on November 16, 2018. This pivotal legislation elevated the former NPPD’s mission within DHS, paving the way for the creation of the Cybersecurity and Infrastructure Security Agency (CISA). Serving as a successor agency to NPPD, CISA assumed the responsibility of assisting government agencies and private sector organizations in navigating complex cybersecurity challenges.

Under the leadership of former NPPD Under-Secretary Christopher Krebs, who became CISA’s inaugural Director, and former Deputy Under-Secretary Matthew Travis, who assumed the role of the agency’s first deputy director, CISA embarked on a journey to safeguard the nation’s digital infrastructure. Early on, CISA demonstrated its proactive approach to cybersecurity threats by issuing its first Emergency Directive in January 2019, aimed at mitigating DNS infrastructure tampering. The agency remained vigilant in combating disinformation during critical events such as the 2020 United States presidential election, launching the Rumor Control website to address false narratives surrounding the electoral process.

In 2021, CISA underwent a leadership transition with the confirmation of Jen Easterly as its new Director. Easterly’s tenure marked a renewed focus on bolstering the nation’s cognitive infrastructure to counter online disinformation and enhance cybersecurity resilience. Despite challenges, including delays in Easterly’s confirmation due to broader national security concerns, CISA remained steadfast in its commitment to safeguarding the nation’s digital landscape.

Cyber Resilience: CISA’s Strategic Initiatives

 CISA Initiatives

In September 2022, CISA unveiled its groundbreaking 2023–2025 Strategic Plan, marking a significant milestone in the agency’s evolution since its inception in 2018. This comprehensive strategy document outlines CISA’s vision and objectives for the coming years, reflecting its commitment to enhancing national cybersecurity and infrastructure protection.

In August 2021, CISA Director Jen Easterly underscored the agency’s focus on fortifying the nation’s cognitive infrastructure against misinformation and disinformation. Recognizing the pivotal role of cognitive resilience in safeguarding critical infrastructure, Easterly emphasized the importance of countering evolving cyber threats to ensure national security.

Amidst a surge in ransomware attacks, CISA took proactive measures to address this growing menace. In 2021, the agency released a seminal report offering actionable guidance on navigating and mitigating ransomware incidents. This initiative aimed to empower organizations with the knowledge and tools needed to defend against ransomware attacks and bolster overall cyber resilience in the face of evolving threats.

Advancing Cybersecurity: Key Initiatives by CISA

Under its Continuous Diagnostics and Mitigations program, CISA delivers essential cybersecurity tools and services to federal agencies, reinforcing their defense against evolving cyber threats. CISA plays a pivotal role in issuing “binding operational directives” to federal government agencies, mandating specific actions to mitigate cybersecurity risks and enhance overall resilience.

In a significant development, CISA assumed control of the .gov top-level domain (TLD) from the General Services Administration in March 2021. Managing domain approvals and operating the TLD Domain Name System nameservers, CISA eliminated domain registration fees in April 2021, promoting broader access to .gov domains. Subsequently, in January 2023, Cloudflare secured a $7.2M contract to provide DNS registry and hosting services for the TLD, further strengthening its infrastructure.

Providing incident response services to both the federal executive branch and US-based entities, CISA ensures swift and effective responses to cybersecurity incidents, bolstering the nation’s cyber defense capabilities.

CISA oversees the EINSTEIN intrusion detection system, a critical component in identifying and thwarting malicious activity across federal government agency networks.

Empowered by the National Defense Authorization Act for Fiscal Year 2021, CISA possesses the authority to issue administrative subpoenas to identify owners of internet-connected critical infrastructure devices with specific vulnerabilities. In 2021 alone, CISA issued 47 subpoenas, underscoring its commitment to identifying and addressing cybersecurity risks proactively.

Conclusion

As the Cybersecurity and Infrastructure Security Agency (CISA) continues to evolve and expand its role in safeguarding national assets, its mission remains steadfast: to strengthen digital defenses and enhance cybersecurity measures across critical infrastructure sectors. From its inception as the National Protection and Programs Directorate (NPPD) in 2007 to its transformation into CISA following the Cybersecurity and Infrastructure Security Agency Act of 2018, the agency has demonstrated unwavering dedication to protecting the nation’s digital landscape. Under the visionary leadership of directors such as Christopher Krebs and Jen Easterly, CISA has navigated through significant challenges, from mitigating DNS infrastructure tampering to combating disinformation during critical events like the 2020 presidential election. As evidenced by the release of its groundbreaking 2023–2025 Strategic Plan and proactive initiatives to address ransomware threats, CISA remains at the forefront of advancing cybersecurity resilience and infrastructure protection.