Official websites use .gov
A
.gov website belongs to an official government
organization in the United States.
Secure .gov websites use HTTPS
A
lock (
) or https:// means you’ve safely connected to
the .gov website. Share sensitive information only on official,
secure websites.
Cybersecurity Awareness Campaign
97.128
CISA’s mission is to lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. In carrying out this mission, Section 2202 of the Homeland Security Act of 2002 assigns CISA with the responsibilities to coordinate a national effort to secure and protect against critical infrastructure risks, carry out cybersecurity and critical infrastructure stakeholder outreach and engagement, and encourage and build cybersecurity awareness and competency across the United States. Section 102 of the Homeland Security Act of 2002 authorizes CISA to make cooperative agreements in carrying out these responsibilities. In carrying out its mission and pursuant to these authorities, CISA provides financial assistance under the Cybersecurity Awareness Campaign Program to non-federal entities to perform cybersecurity awareness activities to reduce cybersecurity risks through messaging, tools, and resources to encourage individuals and organizations to reduce their exposure to malicious cyber activity. Through strategies implemented year-round with a focal point of Cybersecurity Awareness Month in October, a recipient under a federal award will engage in efforts to improve the public’s understanding of cyber threats, amplify opportunities that individuals and non-federal entities can leverage to strengthen their own cybersecurity posture, and encourage discussion, engagement, and actions that can be taken to reduce cyber risk. CISA has established the following six goals for the Cybersecurity Awareness Campaign Program: (1) strengthen the security and resilience of critical infrastructure; (2) assess and counter evolving cybersecurity risks through actions that promote threat risk reduction; (3) build a national culture of preparedness and ensure equity and accessibility to increase online and digital safety; (4) build stakeholder relationships that encourage and support data-driven actions by state, local, tribal, and territorial governments, for-profit and nonprofit organizations, other non-federal entities, and individuals that reduce cybersecurity risk; (5) reinforce the importance of secure by default and secure by design industry practices that do not place the first line of cyber threat risk reduction on those with the least capabilities and resources; and (6) encourage activities supported by data which result in key behavior change that reduce cyber risk. In support of the six program goals, CISA has established the following six objectives for the Cybersecurity Awareness Campaign Program: (1) educate the public and non-federal entities about the dangers of cyber threats and key actions to mitigate risks; (2) promote sustainable cybersecurity and encourage the technology industry to provide secure-by-default technology products and technology that is secure-by-design; (3) identify effective approaches to increase cybersecurity awareness among the general public and target audiences; (4) build relationships and coalitions across cybersecurity stakeholders to support Cybersecurity Awareness Month; (5) develop a baseline from which to measure the impact Cybersecurity Awareness Month campaign strategies and messaging has on changing behavior and increasing public awareness of cybersecurity risk; and (6) contribute to CISA’s efforts to build a culture of preparedness. The Cybersecurity Awareness Campaign Program aligns with Goal 3: Secure Cyberspace and Critical Infrastructure and Goal 5: Strengthen Preparedness and Resilience under the 2020-2024 Department of Homeland Security Strategic Plan. It also supports Goal 2: Risk Reduction and Resilience and Goal 3: Operational Collaboration under the CISA Strategic Plan 2023-2025.
This chart shows obligations for the program by fiscal year. All data for this chart was provided by the
administering agency and sourced from SAM.gov, USASpending.gov, and Treasury.gov.
For more information on each of these data sources, please see the
About the data page.
Increased National Cyber Security Awareness Month participation and media involvement – an increase of 226% in brand exposure and top-tier coverage, including placements on the Today Show, in Forbes, USA Today, CBS News, CNN and Fox News. Increase overall awareness of Stop.Think.Connect. program resources and raise the public cyber hygiene – an increase of 39% unique viewership during October. Over 15,000 tweets used #ChatSTC in 2015, an increase of 75% from 2014. NCSAM 2016’s media footprint increased by 71% as compared to 2015. Expanding its media footprint, NCSAM 2016 generated 4.1 billion+ or 4,174,865,419 unique views – an increase of 71% compared to 2015 – from digital/print stories and press release distribution that mentioned “National Cyber Security Awareness Month”. Social media engagement increased, with the #CyberAware hashtag being used 70,264 times in October 2016 (a 14% increase over 2015). Additionally, more than 21,200 Twitter handles tweeted the #CyberAware hashtag during the month – an 18% increase over the number of people who tweeted with the NCSAM hashtag in 2015. The hashtag potentially reached more than 68 million people (a 4% increase over last year) and generated nearly 493 million potential impressions (a 7% increase over last year).
Increased National Cyber Security Awareness Month participation and media involvement across the country from previous year. Gain additional far-reaching consumer-focused coverage, such as placements on the Today Show (or similar news/talk shows), CNN, etc. In 2017, 4,361 articles covered NCSAM and its related activities, events and announcement - representing a 68% increase from 2016. 7 Articles showcasing NCSAM appeared in a variety of widely-read publications, including USA Today, MPR Marketplace, Forbes, CNBC, PC Magazine, Gizmodo, The Wall Street Journal, Politica, Yahoo News, Huff Post and SC Magazine. Increased use of social media placement and mentions from 2016, utilizing social media platforms such as Facebook and Twitter. The NCSAM hashtag #CyberAware generated more than 599 million total potential impressions, a 22% increase over 2016. NCSA let 5 #ChatSTC Twitter chats which also assisted in building the STOP. THINK. CONNECT. Campaign brand as well.
Increase number of industry partner participation and strengthen private-public collaboration opportunities. Create new, creative, and innovative materials/collateral that gain national coverage and partner support. Capitalize on any new social media platforms and utilize existing platforms for increased social media presence than captured in 2017. Secure senior level leadership from industry to support NCSAM efforts and participate/speak at key events where possible.
The State, Local, Tribal, and Territorial (SLTT) Indicators of Compromise (IOC) Automation Pilot focused on the use of automation to enhance the use of threat indicators of compromise at the state and local levels. In addition, key areas for integration and automation at machine speed, potential reduction of manual tasks by humans, and actionable information sharing across enterprises were identified.
The Internet Security Information Sharing and Analysis Organizations explored and evaluated the most effective methods for bi-lateral cybersecurity information sharing, focusing on regional information sharing , communications and outreach, training end education, and research and development for the improvement of capabilities and capacity for the purposes of
The State, Local, Tribal, and Territorial Reporting and Threat Information Sharing Pilot advanced nationwide cybersecurity “211-like” capabilities and efforts to respond to cybersecurity breaches by standardizing the reporting structure and mechanism, along with a catalog of available resources for victims.
Developed new content, collateral, and campaign materials for awareness raising across the nation. Increased numbers of industry partner participation and involvement in consumer/employee cybersecurity awareness to include participation in National Cybersecurity Awareness Month. Assisted DHS with tracking and analyzing success metrics of campaigns and messaging. Lead content and messaging on social media for awareness messages.
Cybersecurity awareness month 2021 - Launched first research on “Cybersecurity Attitudes and Behaviors.” Polling 2,000 individuals across the U.S. and UK the report examined key cybersecurity trends, attitudes and behaviors. Signed up 3,296 Champions from 76 countries and territories (a 4% increase from 2020). NCA staff spoke at 30 Cybersecurity Awareness Month events to over 11,000 individuals in total. CAM was mentioned in over 10,000 articles resulting in 5 billion global views thanks to media planning and pitching from Crenshaw Communications, NCA’s PR team. NCA events were attended by over 1,600 people which included events for hill and federal employees, cybersecurity industry professionals and executives, and small business owners. NCA Twitter Chats received over 5,000+ engagements and 86,000+ impressions. General: 2 million+ annual page views on StaySafeOnline.org 20,000 monthly blog visitors. Over 50 guest authors contributed blog posts to staysafeonline.org, 30,000+ newsletter subscribers, 692,000 social media followers and fans. 250-350 attendees per webinar on average. NCA programs and leadership were referenced in major media outlets including NBC News, the Washington Post, USA Today and Axios Launched Cybersecurity Career and Education Resource Library on staysafeonline.org along with ta Cyber Success Stories blog series on cybersecurity careers and professionals.
Fiscal Year 2022: Fiscal Year 2022: To date in 2022, Data Privacy Week 2022: recipient held the first ever Data Privacy Week. Media reach was 4 billion global views. LinkedIn event viewed by 900+ privacy professionals. 1,908 registered Champions, a 24% increase from 2021. Keynote address given by Deputy Director Nitin Natarajan at co-hosted the 2nd annual Identity Management Day. Hosted twitter chat and small-business focused session as part of conference hosted by the Identity Defined Security Alliance. Recipient plans to execute the following programs: Cybersecurity Awareness Month and Data Privacy Week in 2022. Provide content and educational resources. Create more tailored email and social media content for Recipient’s audiences. Educate small and medium sized business owners on resources to increase cyber safety. Launch new scripted video content on cybersecurity and hacking. Educate the public aroundound online scams, cyberbullying, importance of password managers, MFA, how to protect public from phishing, risks of online shopping, travel tips, and other online security.
Fiscal Year 2023:
CISA awarded a Cybersecurity Awareness Campaign cooperative agreement in FY 2020 that was in the final year of the period of performance in FY 2023. During the final year of performance, the recipient accomplished the following: (1) executed Cybersecurity Awareness Month and Data Privacy Week ; (2) launched an updated Cybersecurity Awareness Month website with more content and educational resources;(3) integrated the updated website with a new CISA Cybersecurity Awareness Program; (4)created more tailored email and social media content;(5) developed and issued new messaging that encouraged secure-by-design and secure-by default industry practices to better protect the public and small business; (6) launched video content on cybersecurity and hacking; (7) carried out educational campaigns around online scams, cyberbullying, importance of password managers, MFA and password keys, updating software, and how to protect public from phishing and other online security protection; and (8) conducted baseline research study to measure impact of messaging; (9) identified partnerships with stakeholders who amplified the program’s cybersecurity messaging.
CISA also competitively awarded a new Cybersecurity Awareness Campaign cooperative agreement in FY 2023 with a period of performance from September 30, 2023, to February 28, 2026. As CISA made this award at the end of FY 2023, the recipient did not have any significant accomplishments.
The recipient is projected to accomplish the following in the first year of the period of performance of the FY 2023 Cybersecurity Awareness Campaign Program cooperative agreement. : (1) assessing current and future cybersecurity awareness needs for the general public as well as for targeted segments based on susceptibility to cyber threats and receptivity to adopting cybersecurity practices; (2) performing market research to determine target audiences’ interests, needs and barriers to adopting cybersecurity best practices to inform design and execution of Cybersecurity Awareness Month to address cybersecurity risk most effectively; (3)developing an annual Cybersecurity Awareness Campaign; (4) measuring, analyzing, and reporting on the effectiveness of awareness efforts and associated outcomes; (5) conducting research to measure behavior changes due to Cybersecurity Awareness Month exposure/saturation to determine program effectiveness and measurement of project, group and/or individual activities that encourage cybersecurity risk reduction actions by the targeted audiences so they might be used throughout the year; and (6);Analyzing and identifying activities that encourage cyber risk reduction by targeted audiences. (7) develop partnerships with stakeholders who will amplify the cybersecurity messages of the program.
CISA projects that it will award continuation funding for a second budget period for the cooperative agreement award that will begin on September 30, 2024.
The recipient is projected to accomplish the following in the second year of the period of performance of the FY 2023 Cybersecurity Awareness Campaign Program cooperative agreement: (1) assessing current and future cybersecurity awareness needs for the general public as well as for targeted segments based on susceptibility to cyber threats and receptivity to adopting cybersecurity practices; (2) based on the research from years one and two, determine successful elements of the awareness campaign to date and target FY 25 strategy to those elements to ensure program message is resonating with audiences’ interests during execution of Cybersecurity Awareness Month to address cybersecurity risk most effectively; (3)developing an executing the annual Cybersecurity Awareness Campaign; (4) measuring, analyzing, and reporting on the effectiveness of awareness efforts and associated outcomes fo year 3; (5) conducting research to measure behavior changes due to Cybersecurity Awareness Month exposure/saturation to determine program effectiveness and measurement of project, group and/or individual activities that encourage cybersecurity risk reduction actions by the targeted audiences so they might be used throughout the year; and (6);Analyzing and identifying activities that encourage cyber risk reduction by targeted audiences. (7) develop partnerships with stakeholders who will amplify the cybersecurity messages of the program.
CISA projects that it will award continuation funding for a third budget period for the cooperative agreement award that will begin on September 30, 2025, and end on February 28, 2026. In addition, CISA projects that it will competitively award a new Cybersecurity Awareness Campaign cooperative agreement in FY 2025 with a period of performance from March 1, 2026, to February 28, 2029.
Single Audit Applies (2 CFR Part 200 Subpart F):
For additional information on single audit requirements for this program, review the current Compliance Supplement.
OMB is working with the U.S. Government Accountability Office (GAO) and agency offices of inspectors general to include links to relevant oversight reports. This section will be updated once this information is made available.
