CISA expects to extend this program to include up to 100 critical infrastructure entities in its first year.