Cybersecurity and Infrastructure Security Agency (CISA) chief Jen Easterly swung by DEF CON 31 in Las Vegas to update the hacker conference on how the agency plans to help fight the ransomware epidemic, as well as shore up defenses at critical facilities across the country.
CISA has only existed since November 2018, and its first chief Chris Krebs has often stressed the need for sustained investment in the agency for it to become the federal government’s “front door” on cybersecurity. One particular issue has been a lack of insight into where attacks are actually taking place, which Easterly said has made it difficult to track trends like the ransomware epidemic.
“We just don’t have a really good handle on the scope and scale of the ecosystem of cyber incidents because frankly, it’s not mandatory to report across the board,” she said. But the CISA chief also highlighted how the agency has new powers and authorities that will help it serve up timely threat intelligence to the government and private sector.
CISA’s growing ability to act includes the launch of a pre-ransomware notification initiative—which CISA says has issued hundreds of warnings to private sector firms targeted by threat actors since launching earlier this year—and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). That law, passed in response to the Colonial Pipeline hack, requires covered entities in critical infrastructure to report attacks to CISA within a specified time frame, usually within 72 hours.
“For the first time, we will actually be able to understand what the scope is of incidents, whether all the work that we’ve been doing across the federal government, across industry, across state and local, across the globe, is actually leading to reduced risk,” Easterly told DEF CON attendees.
She also emphasized how CIRCIA won’t change the agency’s mission from coordinating federal cyber defenses and supporting the private sector to a regulatory one.
“With CIRCIA, I feel like we’re in a very positive place with respect to our authorities,” Easterly said. “CISA doesn’t want to be a regulator…At the end of the day, the magic of CISA is our ability—through our technical expertise and our trusted partnerships—to be able to work across industry in a way that, frankly, is a little bit harder with regulators.”
CISA’s other recent initiatives include the Ransomware Vulnerability Warning Pilot (RVWP), a proactive scanning program operated by the agency intended to identify gaps in infrastructure defense. It has also contributed software of its own like Untitled Goose Tool, a tool that helps detect malicious activity in Microsoft cloud environments.
At another point during the discussion, Easterly warned that if the US and China get into an armed showdown over the independence of Taiwan, the conflict would rapidly spill over into cyberspace and involve “very formidable capabilities” directed at targets within the US.
“In the event of a conflict, China will almost certainly consider aggressive cyberattacks against US critical infrastructure and is almost certainly capable of disruption or destruction when it comes to oil and natural gas pipelines and railroads,” she said.
Transportation Security Agency Administrator David Pekoske, who was speaking alongside Easterly, concurred: “The intelligence we’re getting is consistent. It’s getting consistently more concerning over time.”
Easterly wasn’t the only high-ranking US official in attendance at DEF CON. Acting National Cyber Director Kemba Walden also made an appearance, with her talk centering around the need for the US government to more effectively compete with the private sector for the limited supply of cybersecurity talent.