CISA unveils cybersecurity plan to protect federal agencies

The CISA has released a federal plan to improve cybersecurity coordination and defense across over 100 federal agencies. 

What happened

On September 16, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) unveiled the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. The initiative aims to improve the operational cybersecurity posture of over 100 federal agencies, recognizing the unique mission and independent architecture of each agency. As the operational leader in federal cybersecurity, CISA emphasized the need for a coordinated approach to mitigate risks and strengthen defenses against cyber threats that target interconnected government systems and data. 

Going deeper: The priority areas of the FOCAL plan

Asset management:

• Understand the cybersecurity environment, including interconnected assets and operational terrain. 
• Maintain an up to date inventory of all assets. 

Vulnerability management: 

• Proactively protect the enterprise attack surface. 
• Regularly assess and enhance defensive capabilities. 

Defensible architecture: 

• Design cyberinfrastructure with resilience in mind, anticipating that security incidents will occur. 
• Implement security measures that can withstand and recover from attacks. 

Cyber supply chain risk management (C-SCRM): 

• Identify and mitigate risks posed by third-party vendors and supply chain dependencies. 
• Ensure that federal IT environments are secure from external threats. 

Incident detection and response: 

• Improve capabilities of Security Operations Centers (SOCs) for detecting and responding to security incidents. 
• Develop strategies to limit the impact of security breaches.
  
  

What was said 

CISA Executive Assistant Director for Cybersecurity, Jeff Greene, stated: “Federal government data and systems interconnect and are always a target for our adversaries. FCEB agencies need to confront this threat in a unified manner and reduce risk proactively. The actions in the FOCAL plan orient and guide FCEB agencies toward effective and collaborative operational cybersecurity and will build resilience. In collaboration with our partner agencies, CISA is modernizing federal agency cybersecurity.”

The big picture 

The FOCAL Plan influences healthcare organizations in the context and increasing digital interconnectivity within healthcare systems. Healthcare organizations, like federal agencies, handle protected health information (PHI), highly valuable to cybercriminals. The FOCAL plans emphasis on areas like Asset Management and Vulnerability Management can directly impact how healthcare organizations approach their own cybersecurity. By adopting similar strategies, healthcare organizations can better understand their operational terrain. 

Related: HIPAA Compliant Email: The Definitive Guide 

FAQs

What is the CISA? 

The CISA is a U.S. government agency responsible for strengthening cybersecurity and infrastructure protection across federal agencies. 

What is zero trust architecture? 

Zero trust architecture is a security model that assumes no trust inside and outside a network and requires continuous verification of all users, devices and systems. 

How do federal responses influence organizations in sectors like healthcare?

Responses like the CISA’s guidelines, influence healthcare organizations by providing cybersecurity frameworks and best practices that help them strengthen their defenses.