CISA 2022 Year in Review highlights national effort to understand, manage, reduce risk to cyber, physical infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its 2022 Year in Review highlighting the extensive work of CISA and its partners over the past year to protect the nation’s critical infrastructure. The agency highlights key achievements in ensuring secure and resilient critical infrastructure for the American people while relying on collaboration with every industry; federal, state, local, tribal, territorial, and international governments; and nonprofits, academia, and the research community. 

The Year in Review is organized around the four goals outlined in the agency’s Strategic Plan, released last September, which focuses on cyber defense, risk reduction and resilience, operational collaboration, and agency unification. 

“The plan clearly lays out our mission and vision and sets the path for where we will prioritize our efforts over the coming years, and, importantly, how we will measure our performance, with a focus on outcomes, not just activity,” the CISA report said. “This last piece is a challenge as anyone in the business of security will know, as you’re essentially making investments so bad things don’t happen. That said, we specifically added the word ‘reduce’ into our mission statement this past year to hold ourselves to a higher standard of accountability for truly improving the resilience of our infrastructure.” 

CISA launched its nationwide Shields Up campaign to safeguard domestic critical infrastructure from potential cyber attacks stemming from Russia’s invasion of Ukraine. The cyber defense agency started the campaign in late 2021 to warn critical infrastructure owners and operators to put their Shields Up and protect their systems from potential Russian cyberattacks intended to deter the U.S. from assisting Ukraine against Russia’s unprovoked invasion. The campaign included hundreds of briefings to thousands of stakeholders across the nation, and a web page hosting CISA’s information on the threat environment, along with technical details and mitigations for network defenders on the latest malicious activity.  

As the operational lead for federal civilian cybersecurity, CISA works towards advancing the security and resilience of government systems. 

The CISA Year in Review report said that in 2022, “we made revolutionary advances in this mission. Using new authorities and resources provided by Congress, we deployed new technologies across nearly 50 federal agencies, with more coming online every month. These technologies provide an unsurpassed level of visibility into threats and incidents targeting federal networks, allowing faster detection and reducing damaging impacts from our adversaries.”

CISA also used its authorities to issue Binding Operational Directive 22-01, which has transformed how organizations within the federal government and around the world prioritize vulnerabilities by driving a focus on those weaknesses that threat actors are using to cause harm. “Finally, we took significant steps to implement new authorities from Congress to conduct persistent threat hunting and ‘red team’ assessments, launching new programs that will allow greater confidence in the security of the highest-risk federal systems,” the Year in Review report added.

In October, CISA released a set of cross-sector Cybersecurity Performance Goals (CPGs) to establish a common set of fundamental cybersecurity practices for critical infrastructure, with a particular focus on helping small- and medium-sized organizations, many of which form the supply chain across corporations, improve their cybersecurity efforts. Developed at the direction of the White House, the CPGs lays out highly impactful actions organizations can take to mitigate many common threats to critical infrastructure IT and OT (operational technology) environments. The CPGs are based on extensive feedback from hundreds of organizations across the government and the private sector, including our international partners. 

Established by Congress in 2021, the Joint Cybersecurity Defense Collaborative (JCDC) aims to fundamentally transform “how we reduce cyber risk to our country: through continuous operational collaboration between trusted partners in the public and private sectors and by conducting rigorous planning to address the most significant threats before damaging intrusions occur,” the CISA said in its Year in Review report. 

JCDC expanded in April 2022 to include industrial control systems (ICS) security vendors, integrators, and distributors. These critical industry experts will help further increase the U.S. government’s focus on the cybersecurity and resilience of industrial control systems and operational technology (ICS/OT). Last week, CISA added T-Mobile, SentinelOne, and NTT to the JCDC initiative. The move brings together cyber defenders to generate and share actionable data that can help with effective cybersecurity, pooling resources to analyze, assess and monitor the relevant information to create an integrated strategy for prevention, defense, and response against cyber threats.

In December 2021, CISA announced and launched its inaugural Cybersecurity Advisory Committee (CSAC) meeting. The CSAC is a federal advisory committee of 22 private sector leaders across diverse professions and communities. The Committee was created to provide recommendations on the development and refinement of CISA’s cybersecurity programs and policies. CISA said in its Year in Review report that “in FY22, the CSAC held four quarterly meetings and 94 subcommittee meetings and provided CISA’s Director with 53 recommendations that will keep us well-positioned to address threats in a rapidly changing cybersecurity landscape.”

Another CISA initiative covered in its Year in Review report includes the establishment of the Cyber Safety Review Board (CSRB) to review and assess significant cybersecurity events so the government, industry, and broader security community can better protect the nation’s networks and infrastructure. 

The Board’s first report, released last July, reflects its inaugural review of the vulnerabilities in the Log4j software library. Log4j software is integrated into millions of systems, and a vulnerability in such a ubiquitous piece of software impacts companies, organizations, and governments all over the world. 

In December, the U.S. Department of Homeland Security (DHS) announced that the CSRB will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks.

“As one of the youngest agencies in the federal government, we’ve grown significantly each year in capability and capacity, collaborating with our myriad of partners to reduce risk to the cyber and physical infrastructure American’s rely on every hour of every day,” Jen Easterly, CISA director, said in a media statement. “2022 has been an especially productive year for our team and our partnerships and we look forward to continuing this momentum into 2023.”

In its conclusion, the CISA Year in Review report said that throughout FY22, “we accomplished much to advance our vision of secure and resilience infrastructure while laying the groundwork for ever deeper and increasingly substantial efforts in the coming years. Many of the projects launched this past year—like the cybersecurity grant program for state, local and territorial governments, implementation of CIRCIA, and the Cybersecurity Performance Goals—are multi-year efforts that will mature and expand in FY23 and beyond.” 

“Building on CISA’s Strategic Plan, the agency will produce supporting strategies, including the Stakeholder Engagement Strategic Plan that was released in October and a Cybersecurity Strategic Plan to be released in early 2023, to guide our efforts over the coming years,” the Year in Review report added.

Last month, the National Security Agency (NSA) issued its 2022 Cybersecurity Year in Review, which highlighted the agency’s effectiveness in providing cybersecurity solutions using alliances to increase velocity and maneuverability. The NSA report said that their mission of cybersecurity integrates cryptography, signals intelligence, vulnerability analysis, and defensive operations to mitigate possible cyber threats to the networks of the Department of Defense (DoD), National Security Systems (NSS), and Defense Industrial Base (DIB).

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.