As the U.S. faces an increasingly “complex and geographically dispersed” threat landscape, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released its first International Strategic Plan aimed at strengthening the agency’s defense against foreign adversaries.
The plan covers the years 2025/26, CISA said in a press release, and supports the agency’s first strategic plan published two years ago. CISA’s international strategic plan also is aligned with guidance in other U.S. strategy documents, such as the National Security Strategy, National Cybersecurity Strategy, U.S. International Cyberspace and Digital Policy Strategy and CISA Cybersecurity Strategic Plan.
In the new plan, CISA said its aim is to “shape the international environment to reduce risk to critical dependencies and set conditions for success in cooperation, competition and conflict.” To support this aim, the agency laid out three overall goals:
-
- Bolster the resilience of foreign infrastructure on which the U.S. depends.
-
- Strengthen integrated cyber defense.
-
- Unify CISA’s coordination of international activities.
Meeting the first goal will require working with domestic and international partners across a number of sectors spanning critical infrastructure, including pipelines, telecommunications and essential supply chains. CISA noted that U.S. and foreign infrastructure could be targeted by global terrorists and other malicious actors; therefore, the agency said it needs to build stronger relationships with international partners aligned with its interest, along with promoting standards, regulations and policies to advance its objectives.
To strengthen global cyber defenses, CISA said it intends to grow its networks of trusted partners to provide greater visibility into, and respond to, cybersecurity vulnerabilities and threats from malicious actors. The agency will grow these relationships primarily through engagements between its computer security incident response teams (CSIRT) and those of its overseas counterparts. Engaging at the CSIRT level will “enable the exchange of actionable operational information” such as vulnerability alerts, victim notifications and attackers’ tactics.
CISA also intends to “establish an environment where our partners can organically detect threats … and receive and exchange real-time risk reduction actions,” the agency said. It will do this through training and exercises, as well as providing its partners with information-sharing capabilities. Additionally, CISA will work to encourage the development of organic risk reduction capabilities.
The agency’s third goal, unifying coordination of international activities, will require CISA’s Stakeholder Engagement Division to “establish a governance structure to advise on international matters and provide a clear articulation of [CISA’s] international priorities.” In addition, CISA will aim to improve its internal information sharing with the benefit of international lessons learned, and provide its workforce deployed overseas with special training.
CISA said these actions will result in partnerships that can act as a “force multiplier” to enhance the effectiveness of its cybersecurity actions beyond what CISA can provide on its own. The agency said it sees the strategic plan as “a process, not simply a publication,” and it therefore will review progress toward its goals quarterly.
CISA has a history of collaboration with foreign partners. Just this month, the agency joined Canadian and Australian cybersecurity agencies to issue a warning about an Iranian cyber offensive they said had been underway for more than a year, targeting critical infrastructure sectors including energy, government and information technology. (See Agencies Describe a Year of Iran Cyber Attacks.)