Jen Easterly, director of the United States’ Cybersecurity and Infrastructure Agency (CISA), is on a mission to enlist security professionals to help defend the free world.
In a session at the DEFCON 30 security conference in Las Vegas, USA, Easterly was joined by DEFCON founder Jeff Moss to discuss the role and progress of CISA in recent months. In a wide-ranging conversation, she praised the support her agency is getting from Congress as well as the support of the global security researcher community. Easterly noted that CISA is able to hire staff in a way that helps it attract and retain talent.
"Congress went all in on us, they gave us more money, more authority and they gave us something called the cyber talent management system which allows us to hire in a more agile approach and pay more," she explained.
While there is a lot of division in US politics, the issue of cybersecurity is not a partisan one.
"We have been really blessed in terms of our engagement with the Congress as cybersecurity happily, is still a very bipartisan issue," Easterly said. "When I go up on Capitol Hill, whether it's to talk about my budget, testify or just provide an update on what we're doing, the questions that I routinely get from the House and the Senate are, what more can we do for you?"
Fighting Threat Adversaries and the Bureaucracy
While Congress is supportive, a key challenge remains the overwhelming weight of government bureaucracy.
"People often ask what keeps me up at night and sure the adversaries are out there and they're really sophisticated," Easterly said. "But for me, it's battling the bureaucracy, both so we can attract and retain the talent, but also be able to do the mission."
She noted the thing she worries most about is bureaucracy and trying to make sure that CISA does things much more like the private sector. Part of being more like the private sector is about engaging more with vendors and individuals as well as security agencies within other nations.
"The operative word for all of this is trust, so the question is, how do you actually build trust in partnerships between the federal government and all of the partners that we need to work with," Easterly said. "Our job is to defend critical infrastructure and we don't own the vast majority of critical infrastructure, so we have to have trusted partnerships so we can work together to make sure that everybody has the guidance, resources and the tools to be able to defend the nation."
Easterly added that cyber-defense is pretty much the same around the world as every free nation has to protect its infrastructure. She noted that CISA has fantastic relationships with over 100 CERTs (Computer Emergency Response Teams) in different countries.
"We have what's called the International Watching and Warning network where nations across the world share information," Easterly said. It's really a community coming together for global defense."