CISA 2025 Year in Review focuses on driving security and resilience across critical infrastructure
Publish Date: 2026-02-13 11:08:00
Source Domain: industrialcyber.co
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its 2025 Year in Review, outlining key actions taken to strengthen the nation’s cyber and physical defenses. The report highlights progress across critical infrastructure security, operational resilience, and interagency collaboration, framing the agency’s work within shifting threat conditions and evolving policy priorities. CISA notes that its objectives adapt each year to reflect changes in the risk landscape and align with administration-directed mission goals.
Titled CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure, the report states that the agency modernized operations, accelerated threat response efforts, and worked closely with government and industry partners to safeguard critical infrastructure while maintaining responsible stewardship of taxpayer funds.
Among the highlights, CISA strengthened collective defense by publishing more than 1,600 cybersecurity products and triaging more than 30,000 incidents through its 24/7 Operations Center to help keep critical systems secure. The agency reported blocking 2.62 billion malicious connections across federal civilian networks and 371 million across critical infrastructure environments. It also led 148 cyber and physical security exercises involving more than 10,000 participants to help partners refine emergency response plans and strengthen resilience at both local and national levels.
Following Executive Order 14305, “Restoring American Airspace Sovereignty,” CISA in November released the Be Air Aware suite of security guides to help organizations detect, respond to, and safely manage threats posed by unmanned aircraft systems. The agency said these efforts lay the groundwork for its 2026 priorities as it continues to bolster protections for the nation’s critical infrastructure.
“The Year in Review is more than a report – it’s proof of CISA’s unwavering commitment to protecting the infrastructure and systems Americans count on every day,” Madhu Gottumukkala, CISA’s acting director, said in a Wednesday media statement. “From safeguarding federal networks to equipping communities with tools to reduce risk, our team delivered measurable results in 2025. And we’re not slowing down – we will lead with innovation, resilience and partnership to stay ahead of tomorrow’s threats.”
Gottumukkala said the agency’s work reflects a continued commitment to efficient, resilient, and modernized operations that position it to protect the nation’s infrastructure, way of life and people. CISA published more than 1,600 products and triaged more than 30,000 incidents reported to its 24/7 Operations Center, taking a proactive approach designed to strengthen collective defense and safeguard the systems Americans rely on each day.
In critical infrastructure protection, the agency conducted 148 cyber and physical security exercises involving more than 10,000 participants, giving state, local, tribal and territorial (SLTT) governments, industry partners and federal stakeholders structured opportunities to test emergency plans, identify gaps, and improve community and national resilience.
CISA is expanding efforts to improve visibility across federal networks and strengthen proactive threat hunting by increasing deployment of its Endpoint Detection and Response Persistent Access Capability. By enabling continuous, authorized access to agency environments, the capability allows CISA to detect, investigate and respond to advanced persistent threats and other malicious activity in near real time.
The 2025 Year in Review disclosed that, in 2025, the agency scaled Endpoint Detection and Response deployments to more than 60 federal agencies, with more than 500,000 endpoints visible through Persistent Access Capability. Over the same period, CISA blocked 2.62 billion malicious connections across the federal civilian network and 371 million within critical infrastructure environments.
CISA strengthened protection of critical national systems by delivering analysis, risk assessments and coordination across priority areas such as undersea cables, space systems and ICT supply chains. Through classified and unclassified reporting, particularly on undersea cable infrastructure, the agency provided federal and regional partners with actionable insights to support proactive risk mitigation and resilience planning amid evolving threats.
The agency expanded its CyberSentry Program to 42 voluntary critical infrastructure partners, delivering advanced threat detection and monitoring for networks supporting National Critical Functions. This capability strengthens defenses against sophisticated cyber threats targeting essential services, allowing CISA to support partners in detecting and remediating malicious cyber threat activity targeting critical infrastructure.
CISA’s Known Exploited Vulnerabilities Catalog remains a key resource for federal, SLTT governments, and private sector organizations. In fiscal year 2025, the agency added 238 high-risk vulnerabilities to the catalog to help organizations identify and remediate active threats more quickly. To further reduce risk, CISA assessed and scored more than 43,000 vulnerabilities using its Stakeholder-Specific Vulnerability Categorization framework, a decision-tree model that converts complex technical data into clear remediation priorities so IT teams can focus on the flaws most likely to be exploited.
CISA published 42 joint products with federal partners, including 23 developed with both federal and international collaborators, delivering actionable technical guidance to help organizations navigate a more complex threat landscape. These resources are designed to protect sensitive data, secure critical systems and support operational continuity.
The 2025 Year in Review mentioned that, in August, the agency released the Software Acquisition Guide: Supplier Response Web Tool, a no-cost interactive resource that helps government and industry decision-makers integrate cybersecurity best practices into procurement processes. In September, CISA, working with the National Security Agency and 19 international partners, issued a Software Bill of Materials for Cybersecurity Guide to help organizations identify software components, assess supply chain risk and take informed steps to protect critical systems, particularly as reliance on third-party and open-source code grows.
In December, CISA introduced Cross-Sector Cybersecurity Performance Goals 2.0, updating its guidance to reflect current adversary tactics and the latest National Institute of Standards and Technology Cybersecurity Framework, and providing critical infrastructure owners and operators with practical steps to prioritize investments, address security gaps and strengthen defenses.
In fiscal year 2025, CISA disclosed and helped mitigate a series of high-impact vulnerabilities across critical sectors. The agency partnered with the Food and Drug Administration to address flaws in foreign-manufactured patient monitors, resulting in a manufacturer recall and a U.S. import ban. It worked with the U.S. Coast Guard to remediate vulnerabilities in a system used by 80% of the world’s ports, and coordinated with major rail operators and the Department of Transportation to fix weaknesses in train automation protocols.
CISA also collaborated with the Federal Aviation Administration to mitigate vulnerabilities in commercial airline collision avoidance systems and responded to security flaws in off-grid mesh radio devices used by U.S. military customers. Together, these actions highlight the agency’s role in driving transparency and interagency coordination to protect critical infrastructure.
In 2025, CISA’s Red Team Capabilities team achieved several critical milestones that advanced the agency’s operational efficiency and helped stakeholders harden their systems. These milestones include a 25% reduction in overall cloud infrastructure costs achieved through targeted downsizing and optimization of usage models, improving resource allocation and efficiency. The agency also developed multiple zero-day exploits and identified Common Vulnerabilities and Exposures used to strengthen security controls and detection capabilities across federal executive branch networks.
When it comes to securing the nation, the frontlines are in local communities. CISA works throughout the year to help these communities understand their risks and strengthen resilience through training, exercises and other activities.
Last August, the Department of Homeland Security announced Notices of Funding Opportunity for the State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program. Administered by FEMA with significant support from CISA, the programs provide more than $91.7 million to states and territories and $12.6 million to Tribal governments to strengthen cybersecurity practices, build resilience and address risks to their information systems.
As part of its efforts to enhance the security of the nation’s cyber and critical infrastructure, the 2025 Year in Review said that CISA continuously identifies opportunities for innovative technologies. In July, CISA launched the Eviction Strategies Tool to help defenders rapidly contain and remove cyber adversaries. The two-part solution includes Playbook–Next Generation, a web app that generates tailored incident response playbooks in minutes, and COUN7ER, a database of more than 100 atomic countermeasures mapped to MITRE ATT&CK, D3FEND, and other best practices.
CISA optimizes resources and streamlines processes, maximizing the impact of every dollar to protect the nation’s cyber and critical infrastructure. Building on lessons learned from the 2020 SolarWinds campaign, CISA embarked on an initiative to build its own enterprise ecosystem, segmented from the rest of the federal government ecosystem. The infrastructure delivered a win for federal cybersecurity by enhancing CISA’s security and streamlining data processing, enabling greater cybersecurity insights into the broader cyber threat landscape. By being at the top of our game internally, CISA is better positioned to strengthen the nation’s cybersecurity.
CISA also launched new tools to streamline spending and automate processes, which helped save time, reduce administrative burden, and optimize resources. Through the Continuous Diagnostics and Mitigation Program, 54 agencies migrated to a Dashboard-as-a-Service model, lowering hosting costs and accelerating updates for federal end users to improve their cyber posture awareness.
In conclusion, the 2025 Year in Review noted that CISA is ready for the new challenges 2026 will bring, and we are excited to continue working with our government and private sector partners to strengthen cyber defenses and protect critical infrastructure. In doing so, “CISA will remain committed to our core mission to ensure cybersecurity, infrastructure security, and emergency communications are all defended with efficient, proactive, and modern approaches – keeping our networks, our communities, and our people safe.”
Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.