Biden nominated former Obama official Jen Easterly in April to head the Cybersecurity and Infrastructure Security Agency (CISA), and he officially took office in July. As the second director of the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA), she must contend with the historic onslaught of ransomware attacks and disinformation campaigns that have grown in the United States this year.
It may appear to the outside world that Eastleigh has a different style of bureaucracy. She showed variety at the Black Hat cybersecurity conference in August, where she danced to AC/DC about new policy initiatives in a “Free Britney” shirt and dragon-print jeans.
However, her relaxed style is not due to inexperience. The retired military officer had earlier served at the White House as special assistant to the president and senior director of counterterrorism, as well as deputy NSA counterterrorism officer. She retired from the U.S. Army after serving more than 20 years in intelligence and cyber operations and was responsible for forming the Army’s first cyber battalion. Eastley was also instrumental in the design and creation of U.S. Cyber Command, where she was a two-time Bronze Star recipient. Before moving to banking, she also served as special assistant to President Obama on counterterrorism and later as head of cybersecurity at Morgan Stanley.
During the June nomination hearing, in written testimony before the Senate Homeland Security and Governmental Affairs Committee, Easterly touched on the role of CISA director. “In the federal cyber ecosystem, CISA is the ‘quarterback’ responsible for protecting and defending federal government networks; leading asset response to cyber incidents; and ensuring that timely and actionable information is shared among federal, non-federal and industry partners information,” the testimony read.
Last week in Eastleigh, he talked up a major shift in cybersecurity: “Everything is interconnected, everything is interconnected”. This interconnectivity is a product of our digital world. “So the attack surface has expanded, and the amount, variety and velocity of data has grown exponentially.” The current situation is this: a cyber attack happens every 40 seconds, and one in 10 of the Internet’s 1.8 billion sites directs you to malicious software. “So the biggest change is that cybersecurity has become a regular issue.”
At CISA, which is part of the Department of Homeland Security, Eastley had to transition from the more offensive role she played in the Army, NSA and intelligence community to a defensive one. She says her past experiences have helped her understand how her opponents operate and develop empathy for them. “You have to have adversarial empathy,” she explained, “to really understand how your opponent works, and through the tactics, techniques and procedures they use, to be the best defender.”
“The biggest change is that cybersecurity has become a regular issue.”
Jen Easterly, Director, CISA
For the best defense, Easterly will have to expand the size of the newest branch of the U.S. government. That’s part of the reason she’s going to Black Hat, Defcon, and this month’s upcoming AvengerCon (see: U.S. military’s cyber offensive unit “Avengers” next month), this year’s event CISA Director Jen Easterly ) will be the keynote speaker at AvengerCon VI.
To reach out to the private hacker community.
“That’s my community, man,” she said. “We want to ignite the power of hackers and researchers and academics because at the end of the day, the world is full of holes and I feel like the offense dominates the defense. So I want to make sure we’re using the talent and kindness of these communities to help us identify and close those holes. So please work with us and make it happen.”
Eastley said that of all the technologies involved, the hardest part is “the basics about people and human behavior and getting people to change the way they operate and implement cyber hygiene through authentication, patching and software upgrades. More than 90 percent of vulnerabilities used in ransomware attacks have patches associated with them, she said, but many of us fail to grasp the basics of cybersecurity.
She is optimistic about the current U.S. government’s path forward. “I’m an optimist, but I’m more optimistic than ever that we can work together as trusted partners in government, team sports and the private sector.” Through this collaboration, she hopes to “create a common Operational Environment Picture” in order to “plan and exercise in peacetime so that we are ready to work together in wartime”.
Even the director himself went out. It seems that the words of masters in the folk are absolutely correct. The new stars in the online world are really not to be underestimated, and the Model can be used for reference.