The Cybersecurity and Infrastructure Security Agency will spend the next three years measuring the success of the government’s effort to protect both publicly and privately controlled critical infrastructure from cyberattacks.
According to a national plan the agency just released to take it through 2025, CISA’s strategy will involve performance goals that were due at the end of July under a national security memorandum addressing cybersecurity for industrial control systems used in critical infrastructure. The agency is planning to issue them sometime in October—cybersecurity awareness month—CISA Executive Assistant Director for Cybersecurity Eric Goldstein said Thursday before lawmakers on the House Homeland Security Committee.
“Where appropriate within CISA authorities, we will set standards and recommendations to guide security decisions, much like our efforts to establish performance goals and increase the cross-sector cybersecurity baseline,” the CISA plan reads.
Measuring progress in cybersecurity has been a notorious sore point from the start of targeted policymaking efforts on the issue. Going back to 2013, when the National Institute of Standards and…
