Jen Easterly has only been on the job as the director of the United States’ Cybersecurity and Infrastructure Agency (CISA) for a few weeks, but she's looking to make a quick impact.
In a keynote at the Black Hat US 2021 hybrid event on August 5, Easterly outlined the goals of CISA and announced a series of new initiatives designed to help enable closer coordination and partnership between the US government and the private sector. The big news was the announcement of the Joint Cyber Defense Collaborative (JCDC) with an initial group of partners that includes CrowdStrike, Palo Alto Networks, FireEye, Microsoft, Google, Amazon Web Services, AT&T, Verizon, and Lumen.
Easterly explained that the JCDC has two initial focus areas: an effort to combat ransomware and an effort to develop a planning framework to respond to cyber-incidents on cloud providers. The scale of the problem highlights the need to bring government and the private sector together.
"There's a cyber-attack roughly every 40 seconds, and as we all know, ransomware has become a scourge affecting all Americans across society, with attacks against schools, hospitals, municipalities, pipelines, meat packing and all manner of software," Easterly said. "We cannot allow avoidable cyber-disruptions to cost human lives."
CISA's Mission is Clear
CISA's mission statement is pretty simple, according to Easterly.
"We lead the national effort to understand, manage and mitigate risk to our cyber and physical infrastructure," she said. "It's easy to say, but very hard to operationalize the significant consequences for failure."
The vision for CISA is to enable secure and resilient infrastructure for the American people. She emphasized that the only way CISA can achieve its mission is in partnership with others.
"We can't do this alone, because over 80% of critical infrastructure is in private hands, so it has to be an effort where we come together and collectively leverage our imagination, and collaboration, to help secure our cyber ecosystem," Easterly said.
Why Partner with CISA
Perhaps the primary reason Easterly was at Black Hat was to encourage those in the security industry and private industry to partner with CISA.
So why should any organization choose to work with CISA? Easterly said the first good reason is context.
"We can provide context to what you're seeing on your network," Easterly said. "Given where we are placed, our relationships with the intelligence community, the law enforcement community, industry and the federal government, we capture a holistic view of the threat landscape that we can provide to you to enable your understanding."
Easterly also emphasized that by sharing information and partnering with CISA, early warnings about potential threats can be rapidly disseminated. Additionally, via partnership and efforts like the JCDC, she said, groups can come together to share cyber best practices to defend against the most significant cyber-threats to the nation. For Easterly, though, it's not about the commonly heard concept of enabling a public–private partnership.
"My goal is to really help breathe new life into these arguably hackneyed terms and turn the public–private partnership into public–private operational collaboration and information sharing, that is timely and relevant and most importantly, actionable," she said.