The Cybersecurity and Infrastructure Security Agency (CISA) is not political and must be a non-partisan agency because cybersecurity isn’t political, the head of the agency said on Wednesday.
CISA Director Jen Easterly said she is an Independent, noting her previous work in the presidential administrations of George W. Bush and Barack Obama. Easterly was appointed by President Biden earlier this year to lead the agency.
“At the end of the day, I believe very strong that this agency needs to be a non-partisan agency,” she said during an event hosted by WIRED. “Cybersecurity is a non-political issue and election infrastructure needs to be a non-partisan issue.”
Easterly said she recently hired Kim Wyman, the Republican secretary of state for Washington, to lead CISA’s election security efforts not because of her party affiliation but because of her decades of experience and expertise as an election official.
“And I really needed somebody who had those strong partnerships with the rest of the secretaries of state and the election security officials because we know that 2022 is going to be complicated and 2024 is going to be even more complicated, and I need to ensure that we have the best people working with Republicans and Democrats at the state level, at the local level, at the county level making sure they have everything they need to conduct safe and secure elections.”
Asked about the challenge of disinformation and the evolution of it being foreign-based to one now primarily from domestic actors, Easterly said it’s “really, really dangerous” in the current environment that “we now live in a world where people talk about alternative facts post-truth.”
CISA runs a website called Rumor Control to combat misinformation and disinformation that threatens the nation’s electoral process and Easterly said she plans to grow this team.
Easterly is an Army veteran who stood up the service’s first cyber battalion, worked with a team to create U.S. Cyber Command, and spent most of her career on offensive cyber operations before leaving government to lead a cyber fusion center at the financial firm Morgan Stanley [MS]. She said her experience in the Army and intelligence community with offensive cyber operations educated her “to understand how adversaries operate because you have to have what I call adversarial empathy…to really understand how the adversary operates. The tactics, techniques, the procedures to be the best defender you can be.”
CISA has two primary roles in cybersecurity. One is protecting the information networks of federal civilian agencies and the other is to work with the private sector and state, local, tribal and territorial governments to help them reduce risks to their networks.
Easterly has been reaching out to the hacker community to help find vulnerabilities in networks so they can be closed.
“You know, at the end of the day, I feel like that’s my community man, and we want to ignite the power of hackers and researchers and academics, because at the end of the day the world is full of vulnerabilities and I feel like the offense is dominating the defense,” she said. “And so, I want to make sure that we are tapping into the brilliance and the goodness of that community to help us identify and to close those vulnerabilities.”
Last week, CISA announced that it will be establishing a Cybersecurity Advisory Committee and Easterly said that she will soon announce committee members who will help continue to reach out to the hacker community.
“You know, in many ways the status quo is unacceptable,” she said. “The status quo of the dot.gov is unacceptable.” She added that she is most worried about the status quo of critical infrastructure security.