Jen Easterly Takes Charge of CISA At Black Hack USA 2021
The new Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, opened Day 2 of Black Hat USA 2021 with a remote presentation on Hacking the Cybersecurity Puzzle. There was a recurring theme of a Rubik's Cube (which Easterly solved in under a minute while on stage). The real puzzle was how to get public and private institutions to work together to solve the problems infosec faces today.
Easterly began by presenting her bio. She is a daughter of a military father and so she went to West Point Academy, as one of the first female cadets. She later returned to West Point to teach.
The Cybersecurity and Infrastructure Security Agency is relatively new. It’s first directory, Chris Krebs, was fired by then-president Tump for saying that the 2020 election was the most secure election in history. Easterly was appointed by Congress a few weeks ago.
Easterly first cleared up one of the biggest challenges facing information security today--how to pronounce “CISA.
That aside, Easterly proceeded to explain why CISA is important. She said it provides context to what system admins might be seeing on their networks by gathering intelligence. It also has expert responders who can get actionable information out to others who might also be affected. And, finally, CISA partners with local and state governments by sharing best practices from around the country.
As part of that program, Easterly harkened back to her studies at West Point and said she was interested in modeling CISA around Eisenhower’s strategy. Specifically:
- share insights of threat
- develop a whole nation attack response plan
- exercise these whole nation attack plans to prepare
- work together to make sure the plan is actually operational
Easterly then summarized recent attacks, such as Solar Winds, and pointed out how CISA had worked with Microsoft, Cisco, and others to get actionable information out to the community.
“Everyone knows that we are stronger together our strength really comes from this incredible power of collaboration,” Easterly said. “But we know that with great power comes great responsibility. So, my priority one of my priorities as the director is to ensure that we are maximizing this power is to cultivate and strengthen the incredible partnerships that we have, in particular with industry, with the academia with researchers with hacker community to ensure that we have leveraging the best and brightest of this community for the collective defense of the nation.”
Easterly also used her Black Hat USA keynote to announce the Joint Cyber Defense Collaborative - or JD/CD- with an appropriate Rock logo and Rock music. This new initiative will
- Design and implement comprehensive, whole-of-nation cyber defense plans to address risks and facilitate coordinated action;
- Share insight to shape joint understanding of challenges and opportunities for cyber defense;
- Implement coordinated defensive cyber operations to prevent and reduce impacts of cyber intrusions; and
- Support joint exercises to improve cyber defense operations.
Initial JCDC partners include Amazon Web Services, AT&T, CrowdStrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon. Apart from these companies, Easterly emphasized the need for more people to work in infosec.
"Everybody knows the statistics by this point in time," Easterly said. "There are 3.5 million unfilled cybersecurity jobs around the world some 500,000 here in the US. In my personal opinion, this needs to be a highly ambitious national effort to be able to build a cybersecurity workforce to deal with the highly digitized world that we live in."
"Oue particular passion of mine," Easterly said, "is developing diverse organizations. I honestly believe that organizations that want to build, particularly in technology and cybersecurity must reflect the incredible diversity of our nation, diversity, and gender and ethnicity, and sexual orientation in education and background that all translates into diversity of thought, that helps us solve our most complicated puzzles, better and faster that incredible diversity helps us be able to address these problems, much more collaboratively. So the fourth thing, we just issued a cybersecurity workforce guide. And essentially what this is is an interactive guide for federal federal workers, they can download it and look for no cost opportunities for professional development. So the whole idea is we make cybersecurity careers more accessible so that more people can see themselves in assignment."