How CISA is Leading the Way on the Cybersecurity EO
Because cybersecurity is a team sport, the Cybersecurity and Infrastructure Security Agency (CISA) may be America’s coach. CISA is a federal agency responsible for elevating government cybersecurity nationwide. Whether the threat is a cybercriminal or a hostile nation, CISA helps protect its federal, state and local partners by improving cybersecurity coordination and defenses.
Naturally, Biden’s recent cybersecurity EO closely fits CISA’s mission. From sharing threat intelligence to practicing zero trust cybersecurity, the EO outlines several key strategies CISA urges agencies to follow going forward.
GovLoop discussed CISA’s role in implementing the new cybersecurity EO with Deputy Executive Assistant Director for Cybersecurity Matt Hartman.
This interview has been lightly edited for brevity and clarity.
GOVLOOP: How is U.S. cybersecurity doing?
HARTMAN: In terms of where we’re doing well, the first thing that comes to mind is that we are making our adversaries work harder by more consistently and more thoroughly doing debasement, particularly in the federal space. It is things like implementing MFA, encrypting data and rapidly patching vulnerable systems.
The challenge is that while we continue to improve our defenses, shore up our cyber hygiene and take advantage of some low-hanging fruit as a federal enterprise, our adversaries are becoming increasingly sophisticated and brazen. To get where we need to be in terms of cybersecurity, our country needs sustained investments in both cybersecurity and IT modernization over many, many, many years.
Recent events have again highlighted the truth that no one security control, vendor or solution can prevent an attack from a nation-state adversary. It is going to take multiple layers of defense and security measures to protect an organization. And even with all that in place, it is going to continue to represent a great challenge to keep sophisticated adversaries from gaining access to networks that represent strategic interest to them, which is why one of the first principles of zero trust cybersecurity is to assume breach.
This is the reason the EO sets out these tangible actions to raise the bar on the federal government’s ability to detect and respond to cybersecurity incidents. The shared end goal is to ensure that our critical infrastructure – which keeps our global community working through thick and thin – is a hard target for those who seek to disrupt it. And when that critical infrastructure is disrupted, we are collectively able to limit the impact to the functions that we as Americans rely on every day.
GOVLOOP: How would you like to see the public and private sectors share threat intelligence based on the EO?
HARTMAN: The private sector is increasingly uniquely positioned to domestically identify key threats and vulnerabilities to our federal infrastructure and our nation’s infrastructure. One of our primary roles at CISA – and the one we take most seriously – is to serve as the hub for public-private information-sharing in a cybersecurity incident report.
In this past year’s National Defense Authorization Act, CISA was provided the authority and resources to stand up a joint cybersecurity planning office to lead the development of and to coordinate the execution of a whole-of-government – and whole-of-nation – cyber defense plan. It is integrating the capabilities of the U.S. government, the private sector and our state, local, tribal, territorial and international partners with the sole focus of defensive cybersecurity planning. It is going to be extremely beneficial in enhancing our ability to quickly develop a common operating picture and provide rapid assistance to both federal and non-federal organizations that have or may have been targeted by adversaries.
GOVLOOP: What cybersecurity best practices do you recommend for aligning with the EO?
HARTMAN: On the federal front, recent cyberthreat campaigns continue to highlight that our federal networks are on the frontlines of cyberattacks against our nation. This reality makes it essential that we think of the federal government more as an enterprise. As part of this enterprise mentality, we can better manage our collective risk. There is a need for greater visibility, increased shared services and more cost-effective capabilities.
For state and local governments, recent events have forced us as an entire U.S. government to focus a tremendous amount of effort on combating the recent rise in ransomware attacks. To that end – and to minimize the risk of ransomware and all cyberattacks – CISA recommends following three cybersecurity best practices.
One, report your incident to CISA and law enforcement. We are here to help, and if you call one of us, you call all of us.
Two, ensure your business operations can remain operable in the event of a large-scale IT disruption. It is not only important to have business continuity and incident response plans in place, it is imperative to test your plans regularly.
Third, remember that almost all intrusions stem from weaknesses in internet-facing systems. If you can do one thing, assess your posture and fix these external-facing vulnerabilities.