Defending Federal Networks Requires More Than Money, CSIS Study Finds

The Center for Strategic and International Studies (CSIS) conducted a six-month study on the Cybersecurity and Infrastructure Security Agency (CISA) and its role in protecting federal civilian executive branch agencies from cyberattacks. The study found that while CISA needs additional resources, the focus should be on improving communication, coordination, and understanding of the complex risks associated with cyberattacks. The report recommends a more predictable and flexible funding structure for defense tools and services, harmonizing incident reporting, and addressing disinformation campaigns. The study emphasizes that money alone is not enough to defend government agencies and highlights the potential consequences of cyberattacks on crucial services and data. The report calls for CISA to grow into a larger advisory role and assist agencies in balancing short-term goals with long-term risks. The study involved interviews with experts and conducted tabletop exercises to gather insights from federal and private chief information security officers and the general public.