CISA Pushes Collaborative Strategy to Strengthen Cyber Defenses

Acting Director of the Cybersecurity and Infrastructure Security Agency Nick Andersen called on state and local governments to help “collectively raise the cybersecurity baseline.”  

CISA serves as the national coordinator for critical infrastructure security and works with partner agencies to defend against cyber threats; its focus is on protecting federal infrastructure. But the same guidelines and warnings they provide federal partners, they also disseminate to state governments, Andersen said last week at the Billington State and Local Cybersecurity Summit in D.C. 

“On the same day that we’re talking to the federal government partners, we’re holding these State, Local, Tribal and Territorial (SLTT) Security Operations Center (SOC) calls,” he said. “We say, ‘this is exactly what we’re doing on the federal government side. Here are the guidance, and here’s the implementation instructions that we’re providing to our consumers directly within that defensive mission. And here’s how we think that should be applied there.’” 

Andersen, a former CISO for the state of Vermont, said it’s important for state officials to understand their risk and threat profile so they can reasonably articulate that risk in order to begin resilience planning. CISA provides a service portfolio, hands-on advisors, and regional and emergency service advisors to help state and local governments increase their cybersecurity. 

Additionally, CISA released a directive last month requiring federal civilian agencies to remove edge devices from their networks. Andersen said edge devices are problematic because they provide entry points into networks and infrastructure. 

“We’re constantly affected by nation-state level threat actors that are attempting to find any potential vulnerability that would be exploited. We continue to see many novel zero days continue to be exploited within this environment,” he said. “The very least that we can do is harden that edge and make it just a little bit more difficult to be taken advantage of in that regard.” 

Stalled Congress 

CISA’s continuous push to strengthen cybersecurity comes amid a partial government shutdown at the Department of Homeland Security, which houses CISA. When Congress passed its final appropriations bills last month, it excluded DHS over partisan concerns about immigration enforcement tactics. Since then, lawmakers have been unable to find a funding path forward for the department, leaving CISA without funding and 65% of its staff furloughed. 

Christine Glassner, CISA’s chief external affairs officer, said it’s up to everyone, especially cyber experts, to help inform lawmakers about the importance of cybersecurity in an effort to solve the funding issue. 

“It’s that teamwork effort that we use our voices and our expertise to make sure that we’re letting our legislators know exactly what type of funding and why it’s needed,” she said. “That’s really what this is, is making certain that our cyber systems are secure, that they are protecting our critical infrastructure systems. And we know we need funding for that, but at the same time, we need to be able to show them that we are spending the money wisely, that there is long-term gain and we’re able to account for that.” 

The Looming Threat of Iran-Linked Cyberattacks  

The Pentagon launched Operation Epic Fury in the early hours of Feb. 28, striking command and control facilities in Iran. Air Force Gen. Dan Caine, chairman of the Joint Chiefs of Staff, said during a Pentagon press briefing that the U.S. has a three-pronged mission in the region: eliminate Iran’s ballistic missile systems, destroy the Iranian navy and ensure Iran cannot rebuild its combat capability or obtain nuclear weapons.  

Cyber experts indicate there is “significant evidence that Iran will retaliate in cyberspace.”   

“Iran’s capacity to execute this campaign is well-documented, given its demonstrably sophisticated cyber capabilities,” according to the Center for Strategic & International Studies. “Taken together, these operations reflect a maturing offensive cyber program capable of targeting both civilian infrastructure and critical national systems.” 

As part of DHS’ official shutdown contingency plan released in September 2025, the department said it would reduce CISA’s staff to 35% in the event of a funding lapse.  

During the shutdown, CISA will cancel: physical and cybersecurity assessments for critical infrastructure owners, simulation exercises, stakeholder trainings and development meetings, international engagements and public speaking engagements and presentations. 

Regardless of the funding lapse, the agency will continue to provide essential functions needed for “the safety of human life or protection of property,” former CISA Acting Director Madhu Gottumukkala said at a congressional hearing in February. Additionally, the agency will provide imminent threat response, timely vulnerability and incident information, its 24/7 operations center and cybersecurity shared services. 

CISA will “continue to stand ready as the nation’s cyber defense agency and national coordinator for critical infrastructure security and resilience,” Andersen said.