CISA, the Cybersecurity and Infrastructure Security Agency, has released a new security plan which intends to provide comprehensive protection of critical infrastructure in the United States, the FY 2025-2026 CISA International Strategic Plan. This is the first security plan of its kind and it is broken up into three segments: first, it aims to bolster the resilience of foreign infrastructure on which the U.S. depends, next it will work towards strengthening integrated cyber defense, and finally, to unify agency coordination of international activities.
Much like Industrial Defender, CISA’s main goal as an organization is to realize safe and secure infrastructure for the American people. CISA recognizes that much of U.S. infrastructure is inherently dependent or interwoven with foreign nations in our increasingly interconnected world. In order to enhance security efforts, CISA will work closely with these foreign infrastructures that are connected with U.S. sectors such as: pipelines, telecommunications, and essential supply chains. Global terrorism is a consistent threat to the U.S. and it is crucial for CISA to maintain close exchanges with foreign partners and support influence standards, regulations, and policies to advance homeland and national security objectives.
It is particularly important to create and maintain strong international cyber partnerships in order to mitigate risk and minimize disruption to our national critical functions. CISA recognizes this importance and will aim to foster transparency internationally through adoption of software bills of materials, secure AI systems, open-source security, and coordinated vulnerability disclosures. Industrial Defender aligns with the call for stronger visibility around industrial cyber risks, working with organizations to gain clear insight into their OT environments, monitor those environments for change and provide visibility into what vulnerabilities are already in their OT network.
CISA seeks to increase trust and operational collaboration through bilateral and multilateral engagements with international partners by expanding participation in CSIRT-CSIRT (Computer Security Incident Response Team) engagements. This will be achieved through increasing not only the number of trusted international CSRIT partners, but also the percent of bilateral and multilateral CSIRT engagements that reduce combined risk. The number of CSIRT partners that apply recommended risk mitigations prior to exploitation will also be expanded. By growing these sectors, CISA will be actively enabling cyber defense with partners in order to reduce collective risk.
The final goal of this security plan is to unify agency coordination of international activities. CISA understands that a good international plan is only as effective as it is unified, and in order to maintain the level of internal unity desired they will be working towards internally prioritizing, coordinating, and aligning international activities through improved organization and governance, integrated functions, and a well-trained workforce. As CISA has an inherent domestic focus, it is important to provide the workforce with skills necessary to navigate and influence international systems.
As this is CISA’s first iteration of the plan, and the global cyber landscape constantly evolves, CISA will be meeting quarterly in order to review progress. To view the full plan, visit: https://www.cisa.gov/2025-2026-cisa-international-strategic-plan.
To learn more about how Industrial Defender supports enhanced OT visibility, implementation of security best practices, and assessment against various directives, compliance frameworks and regulations enforced nationally and internationally, please check out our resource below.
