In 2015, the Federal government of the United States sustained an attack on the Office of Personnel Management endangering the personal data of over 22 million former and present federal employees. As a result, a new Act was signed to redesignate the National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA) based on the 2018 National Security Agency (NSA) strategy (or the five-year plan) of 2008. Moreover, CISA was allocated USD 3.17 billion from the President's Budget for the fiscal year 2020.

CISA was established following a partnership between the NSA and companies concerned with the provision of electricity and the internet from the private sector. CISA's mission is focused on building capabilities to prevent cyberattacks, providing cybersecurity tools and incident response services, assessing capabilities to protect government networks, and supporting the basic operations of the federal government. This newly established agency is responsible for the implementation of the cognitive automation processes of cyber capabilities, as well as collaboration and communication capabilities to ensure cyber protection.

To provide an integrated and harmonious range of solutions and services, CISA harnesses a range of diverse technologies, such as the automation of information security and the response between artificial intelligence technologies and cybersecurity efforts. This automation requires predefined procedures based on an automated analysis of CISA's IT environment. This process uses AI technologies to automate the response of machines and helps the NSA launch these procedures much faster.

CISA relies on two chief centers to carry out its operations. The first is the National Cybersecurity and Communications Integration Center (NCCIC), which raises cyber-situational awareness, analytics, incident response, and cyber-defense capabilities for the federal government, the state, local, tribal, and territorial governments, the private sector, and international partners. The second is the National Risk Management Center (NRMC), which is concerned with planning, analysis, and collaboration to identify and address the most significant risks to the nation’s critical infrastructure.

CISA relies on a range of services, including the Continuous Diagnostics and Mitigation Program, which is a dynamic methodology for enhancing the cybersecurity of government networks and systems. Furthermore, sensors are installed inside CISA to perform continuous and automated scanning for cyber vulnerabilities. The results submitted by the sensors are then sent to CISA's dashboard, which in turn prepares customized reports and alerts network managers of the most dangerous cyber risks. CISA also uses EINSTEIN, the automated cyber surveillance system that monitors internet traffic within the federal government to prevent any hacking attempts and detect any malicious activities in real time.

CISA establishment and operation were accompanied by major challenges that had to be addressed through a set of decisive measures and actions. These challenges included the development and oversight of a comprehensive cybersecurity strategy. Several measures were taken to address this challenge, including the development and implementation of a more comprehensive federal strategy specialized in national and global cybersecurity, in addition to mitigating the risks of global procurement services (such as the installation of malicious software or hardware). The challenges facing workforce management were addressed and the security of emerging technologies like artificial intelligence and the Internet of Things was ensured.

The second major challenge was securing federal information and systems. The measures taken to address this challenge involved improving the implementation of cybersecurity initiatives at the state level, resolving weaknesses in information security programs within federal agencies, and strengthening the federal response to cybersecurity incidents.

In an attempt to protect the critical cybersecurity infrastructure, which is another challenge faced by CISA, federal agencies were empowered to protect the cybersecurity of critical infrastructure (such as the electricity and communication networks). In order to protect data privacy and sensitivity, work was carried out to improve federal efforts in this regard, the collection and use of personal information were relatively reduced, and this information was only obtained with prior consent.

CISA aims at establishing an integrated methodology for risk management in cooperation with private-sector partners. The private sector owns and operates many critical infrastructures, such as electricity distribution and internet services. CISA conducted seminars to engage with private-sector actors in order to collect data and launch a set of National Critical Functions that determine important tasks within the private and public sectors. This set also provides a risk management methodology that relies on communication to better understand the processes in which the agency is involved, rather than focusing on a vision limited to one sector or one type of asset. Public-private partnerships are the foundation for effective strategies and critical infrastructure security.