Before its recent extension into the mis/disinformation (censorship) space, CISA was primarily focused on coordinating public/private response to cyber threats and distributing information about known vulnerabilities. It is the primary US sponsor of the CVE system, for instance. It also provides guidance regarding best practices to industry and government agencies.
By getting CISA involved in speech regulation, former directors made CISA into a political football, risking its core mission. (This actually happened during the first Trump admin, under a Trump appointee, but continued into the Biden administration.) There is no reason that an organization established to tackle cyber threats should be involved with regulating speech via third parties in NGOs and industry. None. Not even if that speech takes place “on the internet.”
By getting CISA involved in speech regulation, former directors made CISA into a political football, risking its core mission. (This actually happened during the first Trump admin, under a Trump appointee, but continued into the Biden administration.) There is no reason that an organization established to tackle cyber threats should be involved with regulating speech via third parties in NGOs and industry. None. Not even if that speech takes place “on the internet.”