CISA Director: Tech industry should infuse security into product design stage


Diving Brief:

  • Cybersecurity and Infrastructure Security Agency Director Jen Easterly called on the tech industry to build more security into their products at the design stage, while speaking at the Billington Cybersecurity Summit in Washington DC on Wednesday.
  • The call comes at a time when concerns about attacks on critical infrastructure and essential services have grown in recent years. Federal agencies have recently encouraged developers and critical infrastructure providers to build more resilience into the design stage, making them better able to withstand malicious attacks.
  • Easterly said CISA plans to issue a request for information regarding new incident reporting requirements under the Critical Infrastructure Cyber Incident Reporting Act of 2022, which requires prompt notification of major cyberattacks. Easterly also announced plans for a national listening tour, which would include 11 separate sessions to generate comments from local communities.

Overview of the dive:

Easterly acknowledged that the country is in a very intense threat environment with a number of recent challenges including the Log4j vulnerability and other security issues. However, by working together against sophisticated adversaries, Easterly argued that the United States can make it very costly and uncomfortable for threat actors to launch major attacks against the nation.

“Attackers have budgets too,” Easterly said. “We need to work together to make sure we increase the marginal cost of their investment.”

Easterly, followed by National Director of Cybersecurity Chris Inglis, kicked off the first post-pandemic meeting at the summit, where top federal government cybersecurity leaders met with private sector security leaders and other key stakeholders.

The CISA director praised the Biden administration’s efforts to make cybersecurity a national priority. These efforts have been fueled in large part by catastrophic events like the SolarWinds supply chain attack, attributed to a Russian-backed threat actor, as well as a series of major ransomware attacks on software vendors and infrastructure, including Colonial Pipeline and meat supplier JBS USA.

Easterly also said the goal is to develop a true partnership with private industry, encourage greater interaction between different government agencies, and facilitate greater collaboration with overseas allies.

A stakeholder call was scheduled for this afternoon with cybersecurity counterparts at the National Cyber Security Center in the UK, Easterly said. The UK has faced recent ransomware attacks against the National Health Service and a major water supplier.

