CISA chief: Risk management agencies key to addressing sector-specific cyberthreats
Cybersecurity and Infrastructure Security Agency Director Jen Easterly has said her agency will work closely with federal risk management agencies to enhance cybersecurity practices within their own sectors such as energy and transportation.
Speaking Thursday at the Black Hat conference in Las Vegas, Easterly underscored the importance of using federal departments’ sector knowledge to help improve cybersecurity standards across every area of society in the U.S. To do so, CISA will step up its close work with departments responsible for managing risks in key areas of U.S. infrastructure, including the Department of Energy, the Environmental Protection Agency, and the Department of Transportation, she said.
“Critical infrastructure owners and operations, as well as state and local governments will play a similar role – bringing expertise to the discussion and a unique ability to drive cyber defense activities in their jurisdictions,” said Easterly.
CISA today announced its new Joint Cyber Defense Collaborative strategy for enhanced information sharing between industry, government and academia. It is hoped the scheme will allow federal agencies, lawmakers and the private sector to react faster and more effectively to ransomware attacks and other digital threats.
The agency has obtained buy-in for the new center from technology giants including CrowdStrike, Palo Alto, FireEye, Amazon Web Services, Google, Microsoft, AT&T, Verizon and Lumen, she said. Through JCDC, the member organizations will take part in two cyber sprints: one to combat ransomware, and the second to develop a planning framework for coordinating incidents that affect cloud providers.
In her keynote speech at the conference, Easterly also called on industry to support the federal government’s focus on rapidly growing the U.S.’s cybersecurity workforce, including through new relationships with universities and colleges and at the K-12 level.
The CISA director also issued a wider call for companies and technology experts to join CISA’s community of information sharing and to become evangelists for cybersecurity within their own organizations.