2023 Year In Review
2023 Year In Review
Letter from Leadership
TARGET RICH
CYBERSECURITY
INFRASTRUCTURE SECURITY
EMERGENCY COMMUNICATIONS
PARTNERSHIPS AND COLLABORATION
REGIONAL SUPPORT
Letter from Leadership

Letter from Leadership

Welcome to CISA’s 2023 Year in Review. We hope you enjoy this interactive format and encourage you to explore each topic in more depth by clicking the embedded links. This past year has brought an added layer of complexity as we start to tackle the implications of widespread use of Artificial Intelligence, grapple with the ripple effects of overseas conflict, and continue to execute our role as the nation’s cyber defense agency and national coordinator for critical infrastructure security and resilience.  

As we have said many times over the past years, no single agency, organization, or individual can see the full threat picture. It takes partnership, and that is at the core of how we achieve our mission. As you read through this year’s report, know that behind many or even most of these achievements lie strong collaboration with our many partners at home and abroad.  

2023 also marked CISA’s 5th anniversary since the agency was established in 2018. See how we have evolved over the past five years:

Mission: We lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.

Vision: Secure and resilient critical infrastructure for the American people. 

With Gratitude, 

Leadership signatures

Jen Easterly (Director), Nitin Natarajan (Deputy Director), Brandon Wales (Executive Director), Kathryn Coulter (Chief of Staff)

Return to Top

TARGET RICH

TARGET RICH

In 2023, CISA prioritized engagement and cybersecurity within “target rich” sectors, including water and wastewater, K-12 education, and healthcare and public health.

Snapshot: CISA's Target Rich Initiative

Over the past year, CISA worked closely with the Water and Wastewater Sector, Education Facilities (K-12) Sector/Subsector, Healthcare and Public Health Sector, and the Elections Subsector. These sectors often have few resources to invest in security and resilience and are at high risk from adversaries who see them highly desirable targets.

As part of its efforts, CISA completed nearly 6,700 stakeholder engagements with government and private sector participants in 2023. This includes:

  • Almost 2,700 engagements for the Healthcare & Public Health Sector
  • More than 1,700 engagements for the Water & Wastewater Sector
  • More than 2,200 for K-12 Sector engagements
K-12 Cybersecurity

In January 2023, CISA published its Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats report and toolkit which identify cybersecurity risks to K-12 schools while also providing recommendations to help schools face these risks.

In September 2023, CISA announced a voluntary pledge for K-12 education technology software manufacturers to commit to designing products with greater security built in. As of October 2023, 11 companies have signed on.         

CISA is also dedicated to strengthening the physical security and safety of schools across the country. In 2023, we:

A mother with child and doctor at an appointment

To help improve cybersecurity within the Healthcare and Public Health (HPH) Sector, CISA, the Department of Health and Human Services (HHS)—the sector risk management agency for healthcare—and the Health Sector Coordinating Council Cybersecurity Working Group worked together over the past year to deliver tools, resources, training, and information that can help organizations within this vitally important sector.

CISA reached a key milestone in its collaboration with HHS as it rolled out a joint HPH Cybersecurity Toolkit in October at a partner roundtable co-hosted with HHS.

Through its National Cyber Exercise Program, CISA also published the HPH Sector CISA Tabletop Exercise Package (CTEP). The HPH Sector CTEP is a tabletop exercise-in-a-box to help members of the HPH Sector increase their cyber resilience. It allows organizations to customize an exercise to fit their needs by modifying its scenario and discussion questions.

A photo of a water system

In 2023, CISA grew its collaboration with the Environmental Protection Agency (EPA)—the Sector Risk Management Agency for water—and other sector partners around the nation to help improve cybersecurity in this lifeline sector.

CISA and EPA released a joint cyber hygiene fact sheet for water and started the Water and Wastewater Cybersecurity webpage to bring together existing resources and to host additional joint products.

In December 2023, CISA co-sealed a Cybersecurity Advisory with key federal partners and the Israel National Cyber Directorate in response to the active exploitation of programmable logic controllers in multiple sectors, including U.S. Water and Wastewater Systems.

Additionally, CISA’s National Cyber Exercise Program published the Water/Wastewater Systems CTEP, a tabletop exercise-in-a-box intended to help members of the Water and Wastewater Sector increase their cyber resilience.

CYBERSECURITY

CYBERSECURITY

CISA strengthens the security and resilience of cyberspace by offering a range of services and resources focused on operational resilience, cybersecurity practices, and other key elements of a robust and resilient cyber framework.

In October 2023, CISA and 17 U.S. and international partners published an update to “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software,” originally released April 13, 2023. The updated guidance integrated feedback received from hundreds of individuals, companies and non-profits, and eight new international agency co-sealers.

Secure by Design logo

This paper urges software manufacturers to revamp their design and development programs to permit only secure by design products to be shipped to customers and lays out three core principles:

  1. Take Ownership of Customer Security Outcomes
  2. Embrace Radical Transparency and Accountability
  3. Lead from the Top

CISA additionally released our first Secure by Design Alerts reflecting the real-world harm created by technology products that are released with known defects, such as exposed web interfaces and default passwords.

CISA notifies thousands of organizations about intrusions and vulnerabilities, allowing mitigation before damage occurs, avoiding millions of dollars of impacts and real harm to public health and safety. 

 

Ransomware abstract photo
7
U.S. Water and Wastewater Sector Entities
37
U.S. Transportation System Sector and Energy Sector Entities
39
U.S. Emergency Services Sector Entities
274
U.S. and Int'l K-12 School Districts & Institutes of Higher Education
154
U.S. Healthcare Organizations
94
U.S. State, Local, Tribal, and Territorial Governments

CISA’s Pre-Ransomware Notification Initiative measurably reduces risk by warning organizations of early-stage ransomware activity. In 2023 we conducted more than 1200 pre-ransomware notifications to include 7 Water and Wastewater sector entities, 20 Transportation System sector entities; 17 Energy sector entities; 117 U.S. and 19 international K-12 school districts; 111 U.S. and 27 international institutes of higher education; 154 U.S. healthcare organizations; 39 U.S. Emergency Services sector entities; and 94 U.S. state, local, tribal, and territorial governments. 294 pre-ransomware notifications were also shared with 27 partner countries. 

See it in action: 

  • In February, CISA supported a Fortune 500 company suffering a $60M ransomware attack. This support led the company to establish a Chief Information Security Officer (CISO) position, make significant investments to their IT architecture, and implement improved security controls to be more cyber resilient. Additionally, CISA and the FBI held a joint cyber threat brief to provide more regional support.  

  • In 2023, CISA provided a notification to a mass transit partner, preventing a $350 million ransomware attack on critical transportation infrastructure.  

Through our Administrative Subpoena authorities, granted by Congress in 2021, we identified and drove mitigation of over 690 vulnerable devices used to control critical infrastructure such as power plants and water utilities.  

Through our Ransomware Vulnerability Warning Pilot, we conducted more than 1,700 notifications to organizations, including hospitals, water utilities, K-12 school districts, and election jurisdictions about open vulnerabilities on their networks that are specifically exploited by ransomware actors and enabled timely mitigation before intrusions occurred. This program is driven by our Vulnerability Scanning efforts, which now covers nearly 7,000 critical infrastructure and SLTT entities in every state.  

In 2023, CISA conducted more than 240 Cybersecurity Performance Goals (CPGs) assessments across the agency’s 10 regions nationwide. CISA released the CPGs in late 2022 to provide organizations of all sizes, across all sectors, and at every level of cyber maturity with clear, plain language cybersecurity recommendations. When implemented, the CPGs can help these entities reduce the impact of the most common or most impactful cyberattacks.

In 2023, CISA’s Joint Cyber Defense Collaborative (JCDC) initiated a collaborative cyber defense planning effort to support the awareness, security, and cyber resiliency of open source software in Operational Technology and Industrial Control Systems. By embracing open source principles, CISA not only champions inclusivity, but also fortifies the nation’s defenses against evolving threats.

Digital illustration of lines of code and network lines surrounds a computer in a dark room

In September 2023, CISA unveiled its Open Source Software Security Roadmap, marking a pivotal moment in bolstering national resilience. These comprehensive frameworks delineate a strategic path forward, fostering transparency, collaboration and innovation within the cybersecurity landscape.

On November 14, 2023, CISA published its first Roadmap for Artificial Intelligence (AI). This Roadmap outlines a whole-of-agency plan aligned with national strategy to promote the beneficial uses of AI to enhance cybersecurity capabilities, ensure AI systems are protected from cyber-based threats, and deter the malicious use of AI capabilities to threaten the critical infrastructure Americans rely on every day.

CISA Roadmap for AI

Shortly after the Roadmap publication, CISA and the United Kingdom’s National Cyber Security Centre jointly released Guidelines for Secure AI System Development addressing the intersection of AI and cybersecurity. Developed in cooperation with 21 other agencies and ministries from across the world, the Guidelines for Secure AI System Development are the first of their kind to be agreed to globally and will help AI system developers make informed cybersecurity decisions at every stage of the development process.

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA. This will enable CISA to use reported information to fill critical information gaps, rapidly deploy resources, and render assistance to entities that are negatively impacted by cyber incidents, analyze and spot trends, and quickly share that information with network defenders to warn other potential victims. 

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA. This will enable CISA to use reported information to fill critical information gaps, rapidly deploy resources, and render assistance to entities that are negatively impacted by cyber incidents, analyze and spot trends, and quickly share that information with network defenders to warn other potential victims. 

Throughout the year, CISA also continued to consult with Federal interagency partners during the development of the CIRCIA Notice of Proposed Rulemaking (NPRM). CISA reviewed the comments and other stakeholder inputs received and took those into consideration while drafting the NPRM. 

Recognizing that technology is an integral part of our modern lives, Congress tasked CISA with creating a cybersecurity awareness program to provide small businesses, communities and individuals with the guidance and tools they need to protect themselves online. CISA answered the call by launching the Secure Our World program in September 2023. We also engaged with Google, Microsoft, Mastercard, National Cybersecurity Alliance, and Global Cybersecurity Alliance, to reach a variety of audiences across the nation.

The program emphasizes four simple steps everyone should implement and continuously improve upon:

  • Use strong passwords and a password manager.
  • Turn on multifactor authentication.
  • Recognize and report phishing.
  • Update software.

The campaign featured CISA’s first-ever Public Service Announcement. The agency also collaborated with several government agencies and private sector organizations to promote the program. CISA worked with the Transportation Security Agency to produce a joint video sharing how everyday citizens can Secure Our World.

CISA is the operational lead for federal cybersecurity, charged with protecting and defending federal civilian executive branch networks (FCEB). 

 

 

Photo of Capitol Building with glowing network lines and lock overlayed on top of image
14 million
Known Exploited Vulnerabilities Remediated
900 million
Malicious DNS Requests Blocked
1,054
Confirmed Vulnerabilities Remediated

In 2023, we: 

  • Identified and drove mitigation of more than 14 million Known Exploited Vulnerabilities across the federal government using our Continuous Diagnostics and Mitigation (CDM) program and our Vulnerability Scanning tools. Across non-federal partners, we have driven mitigation timelines to be 36 days faster than a year ago.  

  • Onboarded 97 agencies onto our Protective Domain Name System service, which blocked 900 million malicious connections targeting federal agencies, disrupting a significant number of attempted attacks. Using new authorities from Congress, we are now deploying this same capability to under-resourced critical infrastructure organizations such as K-12 school districts and water utilities, with over 20 organizations already on board and nearly 100 in the deployment process. 

  • Onboarded 46 agencies onto the Vulnerability Disclosure Policy Platform, leading to identification and remediation of 1,054 confirmed vulnerabilities before they could be exploited by malicious actors.

  • Released multiple new open source tools to help the cybersecurity community, including Secure Cloud Business Applications tools for both Microsoft and Google cloud services. 

  • Issued two Binding Operational Directives, BOD 23-01 and BOD 23-02, resulting in real-time asset visibility across every federal agency and remediation of hundreds of exposed Network Management Interfaces. 

  • Continued to deploy advanced endpoint protections to nearly 50 federal agencies, reaching over 900,000 devices. These technologies give CISA unsurpassed visibility into threats and incidents targeting federal networks, allowing faster detection. Using new authorities and resources provided by Congress, we can now help agencies respond to cyber events in minutes rather than days or weeks. 

  • Led and coordinated the response to numerous significant incidents, including the compromise of Microsoft Exchange Online, which resulted in systemic changes to improve cloud security for all Microsoft customers. 

Return to Top

INFRASTRUCTURE SECURITY

INFRASTRUCTURE SECURITY

CISA leads the national effort to secure critical infrastructure by managing risk and enhancing resilience through collaboration with the critical infrastructure community.
Bomb Train Station Image

CISA is committed to building capabilities to prevent the use of explosives against critical infrastructure.

  • In 2023, CISA delivered 14 Explosive Blast Modeling assessments supporting two regional events.
  • CISA’s Technical Assistance Program was newly implemented across 12 communities to develop a whole-of-community Counter-Improvised Explosive Device (C-IED) capability assessment and provide resources that reduce risk to critical infrastructure.
  • In July, CISA’s Office for Bombing Prevention delivered its 500th course under the Empowered Trainer Program, which develops local training cadre and increases C-IED training capacity.
  • In September, CISA and the FBI released a dual sealed Bomb Threat Guide to aid decision makers during the initial assessment of bomb threats and provide response guidance.
  • CISA’s Bomb-Making Materials Awareness Program visited 5,000 business point-of-sale locations to educate them on the threat and availability of bomb making materials. 

Photo of power plant by the water at sunset

CISA hosted the 14th Chemical Security Summit in August. More than 300 people attended in person and an additional 700 attended online from the public and private sectors to collaborate on solutions to challenges facing the chemical industry.

DHS Secretary Alejandro Mayorkas provided remarks, making him the first Secretary of Homeland Security to speak at the Summit in more than a decade.

CISA’s regional chemical security staff conducted the first ChemLock on-site assessment and assistance visit this past year. ChemLock is a voluntary program established in November 2021 to provide facilities that possess dangerous chemicals with tailored, scalable, no-cost services and tools to improve their chemical security posture. In November 2023, we celebrated the 2nd anniversary of our ChemLock voluntary program, which provides facilities that possess dangerous chemicals with tailored, scalable, no-cost services and tools to improve their chemical security posture. 

Finally, while CISA’s Chemical Facility Anti-Terrorism Standards program, focusing on security at high-risk chemical facilities, celebrated the 15th anniversary in November of 2022, on July 28, 2023, the nation lost vital safeguards as the program’s statutory authority expired.

Photo of group of people working together on laptops and notebooks

CISA coordinates with stakeholders and experts to provide counsel and recommendations on protective measures that critical infrastructure organizations of all sizes can implement to protect facilities, venues, and public gatherings. In 2023, CISA:

  • Conducted 33 physical security exercises with more than 3,525 participants.
  • Conducted 78 active shooter webinars with more than 24,000 registrants.
  • Saw more than 54,000 successful completions of the IS-907 Active Shooter: What You Can Do training. 
  • Reached 23,000 subscribers to the “Active Assailant Security” topic in GovDelivery – a platform that connects the public to agency news.

The agency also published several products on physical security, including:   

See it in action: 

  • In April 2023, CISA conducted a full-scale exercise in the city of Detroit. This was the largest full-scale exercise the agency has conducted to date, pulling in partners from federal, state and local governments, as well as the private sector, with 780 participants from 24 different organizations. 

Image of plant worker examining computer monitors and factory in background

CISA conducts specialized security and resilience assessments on the nation's critical infrastructure. These voluntary assessments assist CISA and its partners—federal, state, tribal, territorial governments and private industry—in better understanding and managing risk to critical infrastructure.

In 2023, CISA:

Cyber image with secure lock and other icons.

Through our work on the Information and Communications Technology Supply Chain Risk Management (ICT SCRM) task force, CISA develops resources to keep the complex, globally interconnected ICT ecosystem secure and functioning.

In 2023, the ICT SCRM Task Force published three products to enhance global ICT supply chain resilience:

EMERGENCY COMMUNICATIONS

EMERGENCY COMMUNICATIONS

Ensuring the public safety, national security, and emergency preparedness communities can seamlessly and securely communicate during steady state and emergency operations to keep America safe, secure and resilient.
Woman looking at screens in lab

CISA offers a suite of priority services that support resilient and interoperable communications in times of network congestion or disruption.

The Priority Telecommunications Services (PTS) program covers wireline communications under Government Emergency Telecommunications Service (GETS), wireless voice communications under Wireless Priority Service (WPS), and priority repair and installation of critical voice and data circuits under Telecommunications Service Priority (TSP). These low-cost services facilitate collaboration and resiliency.

In 2023, GETS added 51,023 new subscribers, thanks in large part to focused outreach during the second annual Emergency Communications Month in April. In addition, WPS users increased by 283,357 subscribers. TSP also added restoration priority to 18,307 new circuits that support national security emergency preparedness missions. PTS Area Representatives conducted 372 engagements with stakeholders to provide training on the services and how they operate.

Group of professionals talking on a panel at a conference

Statewide Interoperability Coordinators (SWICs) in each state, territory, and the District of Columbia collaborate to enhance resilient, interoperable, and secure emergency communications.

CISA executed the second iteration of the SAFECOM Nationwide Survey from May to October 2023. The SAFECOM survey represents a crucial SWIC partnership outcome. Conducted every five years, the survey gathers actionable data to drive national emergency communication policies, programs, and funding.  Using this information, SAFECOM identifies gaps, establishes strategic priorities, and contributes to the Nationwide Communication Baseline Assessment by CISA.

In 2023, CISA received 5,338 responses from public safety organizations in all 56 states and territories and across federal, state, local, tribal and territorial levels of government. The results of this survey will help inform critical policy updates by helping public safety officials better understand emergency communications needs. Results are anticipated for release in spring 2024.

Two technical students wearing safety gear while learning to work on equipment

CISA continues to deliver training to support and promote public safety communications to achieve resilient, interoperable and secure emergency communications.

In 2023, CISA held:

  • 31 Information and Technology Service Unit (ITSU) Leader Courses and trained 457 ITSU students. This course is designed for emergency response professionals with a communications background and experience in information technology. It offers a comprehensive overview and practical exercises related to Unified Help Desk, IT Infrastructure Manager, Network Manager and specialized roles to ensure the effective delivery of IT services.
  • 111 of its Communications Unit (COMU) Leader Courses and trained 1,429 COMU students. The COMU course is tailored for emergency response professionals and support personnel with a communications background. It acquaints them with the role and responsibilities of a Communications Unit Leader within the National Incident Management System Incident Command System.

Photo of first responder in rural dirt field talking on a walkie talkie

CISA established the Rural Emergency Medical Communications Demonstration Project (REMCDP) to leverage existing technologies and engage non-medical professionals to help establish or sustain statewide medical communications systems while also using existing infrastructure to improve the delivery of rural medical care.

In 2023, CISA’s Emergency Communications Division’s Grants Policy Team implemented FY23 appropriations guidance that directs the agency to issue REMCDP grants and conduct technical assistance evolutions. The FY23 appropriations guidance kicked off what had traditionally been a bi-annual process on a new yearly cadence. In CY23, the program awarded $4.2 million to three recipients compared to $1.9 million awarded to one grant recipient in CY22.

Rear view of first responder checking security on computer monitors

As part of CISA’s effort to enable a resilient 911 ecosystem, we engaged with federal partners through quarterly summits and hosted the first Cyber Resilient 911 Symposium in Herndon, VA. This collaborative event gathered 911 stakeholders from CISA regions 1, 2, and 3 (Northeast region) to discuss the cyber threat landscape and to explore available tools, frameworks, and solutions. The symposium is a milestone on the path toward a secure and resilient 911 ecosystem, leading to enhanced cybersecurity measures for 911 communities across the country.

PARTNERSHIPS AND COLLABORATION

PARTNERSHIPS AND COLLABORATION

Partnerships and collaboration are our foundation and the lifeblood of what we do. Through our operational outreach, Industry Engagement Program, and contract activities, CISA continues to stress our strong industry engagement.

In August 2023, CISA kicked off a broad effort to promote resilience across critical infrastructure by communicating the imperative principles and priorities of resilience in accessible and meaningful ways and empowering stakeholders to take action where they are and ask for support for where they want to be. A key part of this effort was the November launch of Shields Ready, CISA’s campaign to encourage the critical infrastructure community to focus on strengthening resilience.

Shields Ready, which complements CISA’s successful “Shields Up” campaign, focuses more broadly and strategically on how to prepare critical infrastructure for a potential disruption and how to build more resilience into systems, facilities and processes by taking action before a crisis or incident even occurs. Shields Ready aligns with and complements FEMA’s Ready campaign and is a call to action to prioritize resilience now.

Throughout the year, the JCDC, which plays a crucial role in enhancing the nation’s cyber resilience and safeguarding critical infrastructure, continued to evolve and adapt to the ever-changing cyber threat landscape, achieving remarkable results.

Joint Cyber Defense Collaborative

Its remote monitoring and management capabilities were highlighted in the 2023 JCDC Remote Monitoring and Management Cyber Defense Plan. By leveraging cutting-edge technology and collaborative efforts, the JCDC demonstrated an unparalleled ability to proactively detect and respond to cyber threats. With a focus on real-time threat intelligence and rapid response, the JCDC’s efforts led to a significant reduction in response times, ultimately safeguarding critical systems and networks across various sectors.

JCDC in Action: JCDC Participants Share Real-Time Threat Information on NetScaler Vulnerability Post-Exploitation Activity

  • Since July 2023, JCDC participants, including Mandiant, Shadowserver, GreyNoise, and ZeroFox, have provided continuous insight into post-exploitation activity of the NetScaler (formerly Citrix) Application Delivery Controller and NetScaler Gateway vulnerability (CVE-2023-3519). Recognizing the importance of open multi-directional communication, CISA established real-time information sharing with industry partners possessing advanced insight into exploitation of the vulnerability. Read more: Joint Cyber Defense Collaborative.

Joint Cybersecurity Advisories—which are coordinated with CISA partners, including JCDC participants—draw on the contributions and technical insights of a diverse community of experts, boast heightened credibility because they have the endorsement of a range of trustworthy cybersecurity organizations, and have a greater audience reach than those disseminated only through CISA channels.

USA and South Korea flags waving in the wind
48
Joint-Sealed Cybersecurity Advisories

In 2023, CISA released 48 joint-sealed Cybersecurity Advisories.  This includes first-time co-sealed products with:

In March 2023, CISA and the State Department co-hosted the first in-person event, a resilience workshop, for Ukraine in Warsaw. In April 2023, Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) held their first Critical Infrastructure Resilience Exercises based on CISA guidelines. CISA also provided technical advice in scenario development, exercise conduct, and facilitation for exercises in May and October 2023. 

CISA leadership continues to meet with Ukrainian officials in collaboration with the Department of State and U.S. Embassy Kyiv to discuss expanding support.  July 2023 marked a year since CISA and Ukraine’s SSSCIP signed a Memorandum of Cooperation to strengthen operational collaboration on shared cybersecurity priorities. With more than a year of successful collaboration, the SSSCIP and CISA are continuing to expand their future partnership with closer cooperation through sharing information and practical experience to build a more secure cyber landscape in Ukraine.   

CISA worked with international partners on a number of important issues in 2023, including Secure by Design and Smart Cities.

 

 

 

Two hands shaking overlayed with glowing orbs and lines
  • In January 2023, U.S. Department of Homeland Security and Japan signed a Memorandum of Cooperation on cybersecurity to strengthen operational collaboration. The JCDC has worked closely with Japan’s Computer Emergency Response Team to monitor cyber threats and share information on emergent vulnerabilities.
  • In February 2023, CISA, the Federal Bureau of Investigation, National Security Agency and Korea issued a Joint Advisory on state-sponsored ransomware activity.
  • CISA also co-chairs one of two action groups under the bilateral Cyber Framework signed by the U.S. and Republic of Korea in April 2023.
  • In September, CISA Director Jen Easterly co-hosted an in-person strategic dialogue with the United Kingdom’s National Cyber Security Centre’s CEO Lindy Cameron. Attended virtually by other international partners, the event was designed to build off the Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression signed in March 2023.

CISA has taken strides in 2023 to promote interoperability on a global level by building, sustaining, and advancing international partnerships. The agency has participated in several international engagements: the U.S. State Department’s 5G Security and Open RAN Opportunities Conference in Johannesburg, South Africa; European Emergency Number Association’s 2023 Conference in Ljubljana, Slovenia; and the 2023 Public Safety Communications Europe’s annual forum in Lavrion, Greece, just to name a few.

Digital illustration of city buildings protruding from globe with glowing hubs and network lines

CISA’s Global Innovation Initiative continues making incredible strides developing strategy that brings together the important work of emergency communications in critical infrastructure across the globe to achieve the same goal: safety of citizens because of the availability of resilient, interoperable, and secure emergency communications.

As we welcome in the next generation of technology and cybersecurity, we need to develop better practices to improve how we manage risk.

 

 

Employees sitting in front of several computer and tv monitors in an operations center
  • On April 5, 2023, the National Infrastructure Simulation & Analysis Center (NISAC), CISA’s research and development arm for risk analysis, deployed the second version of the Suite of Tools for the Analysis of Risk (STAR) to the Modeling Capability Transition Environment. STAR v2 includes over 15 new capabilities, allowing users to answer new analytic questions that identify vulnerabilities and consequences across the nation’s Critical Infrastructure. 

  • In July 2023, CISA and the National Security Agency released 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance to address some of the identified threats to 5G standalone network slicing. 

In 2023, CISA met with industry professionals across 774 events, held 313 one-on-one meetings with vendors, hosted 24 industry days, and held 127 vendor engagements with a CISA panel. CISA also held more than 1,100 contract specific industry engagements providing industry insight into upcoming 2023 CISA Contract Opportunities. As a result of the contract-specific industry engagements, CISA executed more than 1,000 contract actions with a value of over $2 billion.

Rear view of audience watching panel discussion
774
Events
313
One-on-One Meetings with Vendors
24
Industry Days
217
Vendor Engagements
1,100+
Contract Specific Industry Engagements
1,000+
Contract Actions

CISA is dedicated to working across the broader community to ensure qualified individuals from every background and walk of life have an equal opportunity to work in the field of cybersecurity.

 

Group of students working together on computer
45+
Higher Education Engagements
14
K-12 Micro-Challenges

In 2023, CISA continued to help build the next generation of cyber talent in a variety of ways:

As the threat landscape evolves, so too has CISA adapted to bring on the best talent and brightest minds in the field to stay ahead of our adversaries. The agency hired its first Chief People Officer to drive our people-first culture our and One CISA initiative. Our dedication to diversity and inclusion continues to grow.

 

CISA employees smiling while working on laptops in a bright conference room
591
Employees Onboarded in 2023
44%
Female
38%
Underserved Race/Ethnicity

In Selected Executive Service (SES), GS15, and GS14 positions, representation by the Black or African American community remained stable at 15% during the 2023 calendar year while the Hispanic / Latino and Asian communities increased by 20% and 5.4% respectively. CISA’s female community during the calendar year remained stable at 33%. 

Supervisory hires at SES, GS15, and GS14 was stable with the female supervisor community at 32% while underserved race/ethnicities maintained at 29%. CISA onboarded 591 employees in 2023, 44% of whom were female and 38% of whom were from an underserved race/ethnicity. 

CISA declared 2023 as the “Year of Leadership and Learning,” a unique initiative to emphasize leadership excellence and promote our core principle to “Commit to a Lifetime of Learning.” We recognized the year’s theme by hosting more than 32 virtual Town Hall meetings with an average attendance of 1,300+ on topics ranging from culture to leadership. CISA also had approximately 400 supervisors and managers participate in at least one leadership development course or program.   

Return to Top

REGIONAL SUPPORT

REGIONAL SUPPORT

CISA carries out its work across the nation through its 10 regional offices.
Photo of CISA employees working by laptop and tv monitors

Using the expertise and leveraging strategic partnerships of our regional personnel, CISA provides situational awareness, information sharing, technical assistance, outreach, cybersecurity notifications, and incident response coordination.

During response operations, CISA deploys staff to support state, local, tribal, and territorial government partners, providing emergency communications, critical infrastructure recovery coordination and advanced technical services to assist with federal response and recovery operations. In 2023, CISA regional staff supported 328 incidents and 643 special events.

Additionally, through its National Risk Management Center, CISA received, triaged and responded to 103 requests for information. These incident response activities included the development of infrastructure of concern lists, quick-turn impact assessments, and contributions to the Hurricane Idalia Infrastructure Outlook Brief.

See it in action:

  • In 2023, a CISA Physical Security Advisor and a Cyber Security Advisor in Iowa conducted individualized Protective Visits and completed Cybersecurity Performance Goals (CPGs) assessments in 90 of 99 counties. As a result, 71 of the counties now have completed CPGs in place. 
  • Thanks to participation in tabletop exercises and cybersecurity protective visits, 97 of these counties are now members of the Elections Infrastructure Information Sharing and Analysis Center.

Photo of poll worker assisting line of voters

CISA is committed to strengthening our election infrastructure security mission to better support election officials across the nation.  

Throughout 2023, we conducted training, large-scale elections infrastructure exercises, customized presentations, speakers series, and more, reaching thousands of local, state, federal, international, and private sector entities with a role in election security and resilience.  

  • We participated in more than 100 elections security engagements reaching nearly 14,000 stakeholders.
  • Tabletop the Vote, CISA’s annual national elections exercise, included more than 1,300 participants from 45 states, 12 federal departments and agencies, and 13 sector partners, addressing cyber and physical security challenges to election infrastructure and devising ways to mitigate the biggest threats. 
  • In July 2023, CISA established dedicated election security advisors (ESAs) in each of CISA’s 10 regions to provide support and resources to promote secure elections. These ESAs work directly for CISA’s Regional Directors and with the agency’s cybersecurity and protective security advisors to ensure CISA’s capabilities and services are being optimally employed to meet the unique needs of each state or locality. 
  • Delivered approximately 1,600 tailored products to state and local election officials and election technology vendors to increase understanding of risks to election infrastructure. These tailored products provide stakeholders tools to train election workers, communicate their security practices, and increase awareness of available services.

State and Local Cybersecurity Grant Program graphic

In August 2023, the Department of Homeland Security announced year two of the State and Local Cybersecurity Grant Program (SLCGP).

The SLCGP is a first-of-its-kind cybersecurity grant program specifically for state, local and territorial governments across the country. Established by the Infrastructure Investment and Jobs Act of 2021 and implemented jointly by CISA and the Federal Emergency Management Agency, this program will provide $1 billion across a four-year span.

In September 2023, CISA and FEMA announced the of Notice of Funding Opportunity for the Tribal Cybersecurity Grant Program, allocating $18.2M million to bolstering cybersecurity among federally-recognized tribes.

Photo of emergency responders assisting person during an exercise

In 2023, CISA’s National Cyber Exercise Program conducted 129 cybersecurity and resilience exercises around the nation with 9,740 participants. 

Conclusion

Conclusion

As we look forward in 2024, the risks we face now will continue to evolve. Advanced persistent threat actors like China threaten the integrity of our critical infrastructure. Increasingly severe weather, wildfires, and other natural hazards are creating additional risks that critical infrastructure facilities must work into their planning. Extremists are likely to continue to target organizations that are meant to be open and welcoming—such as faith-based communities. Artificial intelligence will continue to evolve at an awe-inspiring pace, bringing with it both potential for good and new opportunities for bad actors. And 2024 is promising to be an election year like no other.  

Despite the risks surrounding us, America was designed to be resilient. This country has faced and overcome numerous challenges since its inception, and we will continue to do so—together. There is no total guarantee of a risk-free, completely secure environment, so we must all plan and prepare to be recover quickly if—and when—we face a crisis.  As the nation’s cyber defense agency and national coordinator for critical infrastructure security and resilience, CISA will continue to develop and deliver tools, training, technical expertise, and other resources to help our critical infrastructure partners increase their own resilience to evolving risks. It is also incumbent on every organization, large or small, to take responsibility for their own security and resilience. Therefore, we challenge everyone to make 2024 the year we Resolve to be Resilient.