CISA Cyber Security Awareness Campaign

 

1. Program Overview: The primary focus of FY23 Cybersecurity Awareness Campaign (CAC) is to provide awareness to the Nation concerning cybersecurity risks & provide messaging, tools, & resources that encourage the American public, business & industry to reduce their exposure to online risks & malicious actors. Through strategies implemented during Cybersecurity Awareness Month (CAM) in October, the campaign seeks to improve the publics understanding of cyber threats & amplify opportunities Americans can leverage to strengthen their own cybersecurity posture & encourage year-round discussion, engagement, & actions we must all take every day to reduce cyber risk to ourselves & those we care about. The campaign aligns with the DHS Strategic Plan for 2020-2024 by supporting Goal 3: Security Cyberspace & Critical Infrastructure & Goal 5: Strengthen Preparedness & Resilience. Additionally, it also aligns to the 2023-2025 CISA Strategic Plan by supporting Goal 2: Risk Reduction & Resilience & Goal 3: Operational Collaboration. The CAC serves to further the Admins National Cybersecurity Strategy that builds on the work in support of EO 14028 (Improving the Nations Cybersecurity) & Nat'l Security Memorandum 5 (Improving Cybersecurity for Critical Infrastructure Control Systems), among other efforts & initiatives; & support the National Security Strategys vision of unprecedented gov't collaboration with civil society, private industry, & our int'l allies & partners. Through implementation of CISA Strategic Plan (2023-2025), (found at https://www.cisa.gov/resources-tools/resources/2023-2025-strategic-plan), CISA is working to ensure the cyber & physical infrastructure that Americans rely on every hour of every day is safe, secure, & resilient, & through Strategic Plan, Goal 2, we reduce risks to, & strengthen resilience of, Americas critical infrastructure. Consistent with the Strategic Plan , CA, held annually in October, supports our strategic goals to: ensure the cyber defense of the Nation by helping to spearhead the national effort to ensure defense & resilience of cyberspace; encourage efforts to reduce risks to, & strengthen resilience of, Americas critical infrastructure; & help strengthen whole-of-nation operational collaboration & info. sharing, especially through our efforts to optimize collaborative planning & implementation of stakeholder engagements & partnership activities, streamlining access to & use of appropriate CISA programs, products, & services, & enhance information sharing with CISAs partnership base. a. Goals & Objectives Goals This cooperative agreement supports CISA CAC of which CAM, held annually during October, is a focal point of the messaging & activities to accomplish the following Goals that encourage year-round actions to reduce such risks: Goal 1: Strengthen the security & resilience of critical infrastructure. Goal 2: Assess & counter evolving cybersecurity risks through actions that promote threat risk reduction. Goal 3: Build a national culture of preparedness for all Americans, ensuring equity & accessibility in our efforts to increase online & digital safety. Goal 4: Build stakeholder relationships that encourage & support data-driven actions by governments, the private sector, tribes, non-profits, & the public that reduce cybersecurity risk. Goal 5: Reinforce the importance of secure by default & secure by design industry practices that do not place the first line of cyber threat risk reduction on those with the least capabilities & resources. Goal 6: Encourage activities supported by data which result in key behavior change that reduce cyber risk. October '23 marks the 20th CAM, & the campaign will execute a rsch & data-driven strategy that supports implementation of specific pgrms, activities, & outreach efforts that encourage yr-round changes in behaviors that reduce cyber risk, & are supported through messaging, materials & products throughout both CAM & throughout the year. Objectives The following objectives will support goals of the CAC: Obj. 1: Educate the public, small businesses, & industry about the dangers of cyber threats & key actions that can be taken to mitigate risks. Obj. 2: Promote sustainable cybersecurity & encourage the tech industry to provide secure-by-default tech products with strong security features right out of the box, without added costs; & tech that is secure-by-design, purposefully developed, built, & tested to significantly reduce the number of exploitable flaws before they are introduced into the market for broad use. Obj. 3: ID effective approaches to increase CA among the general public & target audiences, including vulnerable populations & those with disabilities. Obj. 4: Build relationships & coalitions to support CAM Obj. 5: Dev. a baseline from which to measure the impact CAM campaign has on changing behavior & inc. public awareness of cyber risk. Obj. 6: Contribute to efforts to build culture of preparedness against threats

Active 97.128 Cybersecurity and Infrastructure Security Agency, Department of Homeland Security B - Project Grants Fiscal Year 2016 Increased National Cyber Security Awareness Month participation and media involvement – an increase of 226% in brand exposure and top-tier coverage, including placements on the Today Show, in Forbes, USA Today, CBS News, CNN and Fox News. Increase overall awareness of Stop.Think.Connect. program resources and raise the public cyber hygiene – an increase of 39% unique viewership during October. Over 15,000 tweets used #ChatSTC in 2015, an increase of 75% from 2014. NCSAM 2016’s media footprint increased by 71% as compared to 2015. Expanding its media footprint, NCSAM 2016 generated 4.1 billion+ or 4,174,865,419 unique views – an increase of 71% compared to 2015 – from digital/print stories and press release distribution that mentioned “National Cyber Security Awareness Month”. Social media engagement increased, with the #CyberAware hashtag being used 70,264 times in October 2016 (a 14% increase over 2015). Additionally, more than 21,200 Twitter handles tweeted the #CyberAware hashtag during the month – an 18% increase over the number of people who tweeted with the NCSAM hashtag in 2015. The hashtag potentially reached more than 68 million people (a 4% increase over last year) and generated nearly 493 million potential impressions (a 7% increase over last year).
Fiscal Year 2017 Increased National Cyber Security Awareness Month participation and media involvement across the country from previous year. Gain additional far-reaching consumer-focused coverage, such as placements on the Today Show (or similar news/talk shows), CNN, etc. In 2017, 4,361 articles covered NCSAM and its related activities, events and announcement - representing a 68% increase from 2016. 7 Articles showcasing NCSAM appeared in a variety of widely-read publications, including USA Today, MPR Marketplace, Forbes, CNBC, PC Magazine, Gizmodo, The Wall Street Journal, Politica, Yahoo News, Huff Post and SC Magazine. Increased use of social media placement and mentions from 2016, utilizing social media platforms such as Facebook and Twitter. The NCSAM hashtag #CyberAware generated more than 599 million total potential impressions, a 22% increase over 2016. NCSA let 5 #ChatSTC Twitter chats which also assisted in building the STOP. THINK. CONNECT. Campaign brand as well.
Fiscal Year 2018 Increase number of industry partner participation and strengthen private-public collaboration opportunities. Create new, creative, and innovative materials/collateral that gain national coverage and partner support. Capitalize on any new social media platforms and utilize existing platforms for increased social media presence than captured in 2017. Secure senior level leadership from industry to support NCSAM efforts and participate/speak at key events where possible.
Fiscal Year 2019 The State, Local, Tribal, and Territorial (SLTT) Indicators of Compromise (IOC) Automation Pilot focused on the use of automation to enhance the use of threat indicators of compromise at the state and local levels. In addition, key areas for integration and automation at machine speed, potential reduction of manual tasks by humans, and actionable information sharing across enterprises were identified. The Internet Security Information Sharing and Analysis Organizations explored and evaluated the most effective methods for bi-lateral cybersecurity information sharing, focusing on regional information sharing , communications and outreach, training end education, and research and development for the improvement of capabilities and capacity for the purposes of - Cyber threat analysis and information sharing - Education / training / workforce development - Technical research and development to support effective information sharing - Share best practices The State, Local, Tribal, and Territorial Reporting and Threat Information Sharing Pilot advanced nationwide cybersecurity "211-like" capabilities and efforts to respond to cybersecurity breaches by standardizing the reporting structure and mechanism, along with a catalog of available resources for victims.
Fiscal Year 2020 Developed new content, collateral, and campaign materials for awareness raising across the nation. Increased numbers of industry partner participation and involvement in consumer/employee cybersecurity awareness to include participation in National Cybersecurity Awareness Month. Assisted DHS with tracking and analyzing success metrics of campaigns and messaging. Lead content and messaging on social media for awareness messages.
Fiscal Year 2021 Cybersecurity awareness month 2021 - Launched first research on "Cybersecurity Attitudes and Behaviors." Polling 2,000 individuals across the U.S. and UK the report examined key cybersecurity trends, attitudes and behaviors. Signed up 3,296 Champions from 76 countries and territories (a 4% increase from 2020). NCA staff spoke at 30 Cybersecurity Awareness Month events to over 11,000 individuals in total. CAM was mentioned in over 10,000 articles resulting in 5 billion global views thanks to media planning and pitching from Crenshaw Communications, NCA's PR team. NCA events were attended by over 1,600 people which included events for hill and federal employees, cybersecurity industry professionals and executives, and small business owners. NCA Twitter Chats received over 5,000+ engagements and 86,000+ impressions. General: 2 million+ annual page views on StaySafeOnline.org 20,000 monthly blog visitors. Over 50 guest authors contributed blog posts to staysafeonline.org, 30,000+ newsletter subscribers, 692,000 social media followers and fans. 250-350 attendees per webinar on average. NCA programs and leadership were referenced in major media outlets including NBC News, the Washington Post, USA Today and Axios Launched Cybersecurity Career and Education Resource Library on staysafeonline.org along with ta Cyber Success Stories blog series on cybersecurity careers and professionals.
Fiscal Year 2022 Fiscal Year 2022: Fiscal Year 2022: To date in 2022, Data Privacy Week 2022: recipient held the first ever Data Privacy Week. Media reach was 4 billion global views. LinkedIn event viewed by 900+ privacy professionals. 1,908 registered Champions, a 24% increase from 2021. Keynote address given by Deputy Director Nitin Natarajan at co-hosted the 2nd annual Identity Management Day. Hosted twitter chat and small-business focused session as part of conference hosted by the Identity Defined Security Alliance. Recipient plans to execute the following programs: Cybersecurity Awareness Month and Data Privacy Week in 2022. Provide content and educational resources. Create more tailored email and social media content for Recipient’s audiences. Educate small and medium sized business owners on resources to increase cyber safety. Launch new scripted video content on cybersecurity and hacking. Educate the public aroundound online scams, cyberbullying, importance of password managers, MFA, how to protect public from phishing, risks of online shopping, travel tips, and other online security.
Fiscal Year 2023 Fiscal Year 2023: Fiscal Year 2023: Recipient plans to execute the following programs: Cybersecurity Awareness Month and Data Privacy Week in 2023. Launch an updated Cybersecurity Awareness Month website with more content and educational resources. Integrate the updated website with a new CISA Cybersecurity Awareness Program. Create more tailored email and social media content for Recipient audiences and reach more audiences. New messaging that encourages secure-by-design & secure-by default industry practices to better protect the public & small business. Launch video content on cybersecurity and hacking. Educational campaigns around online scams, cyberbullying, importance of password managers, MFA and password keys, how to protect public from phishing, risks of online shopping, travel tips, and other online security protection. Conduct baseline research study to measure impact of messaging.
Fiscal Year 2024 Fiscal Year 2024: Fiscal Year 2024: • Tasks • Strategy Development o Assess current and future cybersecurity awareness needs for the general public as well as for targeted segments based on susceptibility to cyber threats and receptivity to adopting cybersecurity practices. o Perform market research to determine target audiences’ interests, needs and barriers to adopting cybersecurity best practices to inform design and execution of Cybersecurity Awareness Month to address cybersecurity risk most effectively. Develop an annual Cybersecurity Awareness Campaign, that includes development of a coordinated strategy to engage partners and raise the visibility of CISA’s Cybersecurity Awareness Month (October), to include tailored activities for specific audiences. o Measure, analyze and report on the effectiveness of awareness efforts and associated outcomes, to include:  Developing a methodology for measuring Cybersecurity Awareness Month outreach and outcomes.  Establishing baselines for awareness and actions associated with Cybersecurity Awareness Month o Conduct research to measure behavior changes due to Cybersecurity Awareness Month exposure/saturation to determine program effectiveness and measurement of project, group and/or individual activities that encourage cybersecurity risk reduction actions by the targeted audiences so they might be used throughout the year. Such research may include:  Identification of changes influenced by campaign promotion and specific events, or tactics executed  Analysis of broad shifts in public attitudes or policies, measured through independent studies, government surveys, or polls o Analysis and identification of activities that encourage cyber risk reduction by targeted audiences o Viable applicants must ensure they address capabilities and approach to driving behavior change among wide-ranging audiences. Capturing the number of hits on websites and relevant social media platforms • Cybersecurity Awareness Month Materials Production • Stakeholder Engagement and Outreach • Cross-promotion of Cybersecurity Resources • Execute Cybersecurity Awareness Month Activities * Program Management Homeland Security Act of 2002, as amended (6 U.S.C. ss 112(b)(2), Section 102(b)(2), Public Law -116-260
Section 102(b)(2) of the Homeland Security Act of 2002, as amended ( U.S.C. ss 112(b)(21)). Nonprofits with 501(c)(3) status, other than institutions of higher education. Financial assistance will be awarded through a competitive process. Eligible applicants will include public or private non-profit organizations, dedicated to promoting cybersecurity-related awareness and safe behavior online through creative website content and additional communication mediums nationwide. CISA will not review applications that fail to meet the eligibility criteria. See above. Not applicable. Preapplication coordination is not applicable. 2 CFR 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards applies to this program. 2 CFR Part 200 applies Applications or plans are reviewed by DHS program and administrative staff. Any issues or concerns noted in the application will be negotiated with the successful applicant prior to the award being issued. Contact the headquarters or regional location, as appropriate for application deadlines Refer to the funding opportunity announcement. Not applicable. Refer to the funding opportunity announcement. Refer to the funding opportunity announcement for information on criteria for selecting proposals. Financial and nonfinancial assistance may be provided for the following: salaries, materials and supplies, equipment, travel, publication costs, subcontractor and supporting costs required for technical and other activities necessary to achieve the objective. Restrictions on use of funds will be identified in the funding opportunity announcement and award provisions. DHS grant funds may only be used for the purpose set forth in the cooperative agreement, and must be consistent with the statutory authority for the award. Grant funds may not be used for matching funds for other Federal grants, lobbying, or intervention in Federal regulatory or adjudicatory proceedings. In addition, Federal funds may not be used to sue the Federal government or any other government entity. Refer to funding opportunity announcement. See above. Performance Reports: See above. 2 CFR Part 200 applies to the ISAO program. Grant records shall be retained for a period of 3 years from the day the recipient submits its final, acceptable expenditure report. If any litigation, claim, negotiation, audit, or other action involving the records has been started before the expiration of the 3-year period, the records must be retained until completion of the action and resolution of all issues which arise from it, or until the end of the regular 3-year period, whichever is later. Grant records include financial and program/progress reports, support documents, statistical records, and other documents that support the activity and/or expenditure of the recipient or sub-recipient under the award. Statutory formula is not applicable to this assistance listing.

Matching requirements are not applicable to this assistance listing.

MOE requirements are not applicable to this assistance listing. Refer to program guidance. Awards are subject to the Cash Management Improvement Act for payment and/or reimbursement of expenditures. Method of awarding/releasing assistance: Refer to announcement/program guidance or the award document. Annual Lump sum (Period of Performance will be 29 months comprised of 12-month budget periods and one 5 month budget period). Applicants will be making draw downs through the HHS-Payment Management System in accordance with the Cash Management Improvement Act. None/Not specified. Justin Covington
Program Officer
Stakeholder Engagement Division
4200 Wilson Blvd.
Arlington, VA 22203 US
Justin.Covington@cisa.dhs.gov
Phone: 202-815-4622 http://www.cisa.gov/cybersecurity-awareness-month 70-0565-0-1-999 (Cooperative Agreements) FY 22$549,996.00; FY 23 est $549,996.00; FY 24 est $549,995.00; - Refer to the funding opportunity announcement. A-110, Uniform Administrative Requirements for Grants and Agreements with Institutions of Higher Education, Hospitals and Non-Profit Organizations, A-21, Cost Principles for Educational Institutions and A-122, Cost Principles for Non-Profit Organization.) 2 CFR Part 200 applies to the ISAO program. Fiscal Year 2017 DHS awarded a National Cyber Security Awareness 2-year grant to non-profit organization, the National Cyber Security Alliance (NCSA), to plan and execute public cybersecurity awareness efforts. NCSA utilized the funding ot complete research and studies, create awareness-raising materials, promote cybersecurity awareness on multiple social media platforms, leverage traditional media channels, as well as co-manage the STOP. THINK. CONNECT (TM) Campaign with DHS and plan and execute National Cybersecurity Awareness Month efforts.
Fiscal Year 2019 Currently three funded cooperative agreements: The State, Local, Tribal, and Territorial (SLTT) Indicators of Compromise (IOC) Automation Pilot; The Internet Security - Information Sharing and Analysis Organizations (IS-ISAO) Pilot; and The State, Local, Tribal, and Territorial Reporting and Threat Information Sharing Pilot