New CISA director Jen Easterly: we cannot allow avoidable cyber disruption to cost human lives
Jen Easterly, the new director of Cybersecurity and Infrastructure Security Agency (CISA), believes a greater collaboration between the private and public sectors can lead to a more secure cyber ecosystem.
"The world is incredibly digitized. That is a good thing. It brought us together as humans, and it helped us solve problems. We improved our quality of life. But as we've attached more devices and platforms on the internet, we have increased the attack surface," she said during the Black Hat USA 2021 conference.
There's a cyber attack happening roughly every 40 seconds, and 1,8 billion websites lead you to malware.
"Cybercrime damages are in the trillions of dollars, and as we all know, ransomware has become a scourge affecting all Americans across societies, hospitals, municipalities, and pipelines, meat packing, and all manner of software," she said.
One particularly pernicious attack vector is ransomware attacks against the healthcare sector, which is already stressed to its limits because of the COVID-19 pandemic.
"One healthcare service suffered a ransomware attack that cost them about 70M dollars. But that monetary cost pales in comparison to the potential human cost because these delays in services, surgeries, and healthcare can increase the number of average deaths that happen in a period of time. We cannot allow avoidable cyber disruption to cost human lives," Easterly said.
And yet, every day, malicious cyber actors - from nation-states to cybercriminals - weaponize the data and vulnerabilities within our networks and threaten our confidentiality, integrity, privacy, identity, security, critical infrastructure, and, she stressed, our way of life.
Easterly called for closer collaboration between the private and public sectors.
"We have to do it as a team. We can't do this alone because over 80% of critical infrastructure is in private hands. So it has to be in an effort to collectively leverage our imagination and collaboration to help secure our cyber ecosystem. Here is where I ask for your help," she said before emphasizing the point that "we are stronger together."
"First thing. Partner with us to raise the cybersecurity baseline of our data, networks, services, and products and help make the internet safer. (...) My priority is to ensure that we are maximizing this power to cultivate and strengthen the incredible partnerships that we have, in particular with industry, with academia, with researchers, and the hacker community, to ensure that we are leveraging the best and brightest in this community for the collective defense of the nation," Easterly said.
What's the value of partnering with these CISA people?
"We can provide context to what you see on your network. Context is for kings. Given where we are placed and our relationships within the intel community, law enforcement community, industry, the federal government, we capture a holistic view of the threat landscape we can provide to you to enable your understanding. What is more, given our role in helping to protect and defend federal, civilian, executive branch networks, we have a very large and unique cache of data that we synthesize and analyze to help put actionable products and guidance."
2) Cyber Incident response.
"We can send out expert cyber incident response teams to help victims recover from cyber attacks, and we stand by to help you if you need it. Much of the data that we get from responding to these incidents is anonymized, and we can use that very important to help warn other potential victims so that they don't get attacked. This ability to share information as an early warning is incredibly important to helping us all defend a cyber ecosystem."
3) A platform to share best practices.
"We, given our mission as the civilian cyber defense agency, have an incredible platform. The federal government are close partners at the state, local, tribal, territorial levels, are partners with critical infrastructure owners and operators all across the industry. It gives us this fantastic platform where we can come together and share cyber best practices, and we can plan, exercise against the most significant cyber threats to the nation."
During the Black Hat USA 2021 conference, she announced that CISA launched a Joint Cyber Defence Collaborative (JCDC).
"The whole idea of JCDC is to bring together our partners to do four key things. First, to share insights to create a common operating picture, a shared situational awareness of the threat environment so that we understand it better. Second, to develop a whole nation's comprehensive cyber defense plans to deal with the most significant threats to the nation, including threats to our critical infrastructure. Third, to exercise these plans because again, you got to exercise in peacetime to be prepared for wartime. You can't make a friend when you need a friend. And then, finally, to work together to implement these cyber defense plans into actual operations and make sure that we can do that to reduce risk to the nation," she said.
According to various media reports, tech giants like Amazon, Google, and Microsoft will join this government effort to fight cybercrime.
More from CyberNews:
Subscribe to our newsletter