The creation of new institutions over the past few years combined with greater awareness of the importance of cybersecurity across the public and private sectors has created an opportunity to capitalize on these developments to further bolster the nation’s cybersecurity and defenses, a top homeland security official said on Thursday.
“My strong belief is that if we don’t capitalize on cybersecurity as a priority, on the institutions that have been built, on this evolving collaboration across our community, if we don’t capitalize on them in the near-term and in the medium-term, we are going to miss a historic window of opportunity,” said Jen Easterly, director of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), said.
The relatively new institutions include the stand-up of CISA, the creation of U.S. Cyber Command, the establishment of the Office of the Director of National Intelligence in the White House, a new State Department Bureau of Cyberspace and Digital Policy, and the Joint Cyber Defense Collaborative (JCDC) within CISA to bring federal, state and local governments together along with the private sector and international partners, she said at the annual CYBERWARCON conference.
The improved collaboration around cybersecurity is a “growing recognition of the incredible importance of persistent operational collaboration” to share data and insights, have a common picture of the threat, and reduce risk, all of which underpins the year-old JCDC, Easterly said.
She outlined three near-term areas of focus for capitalizing on the trends and institutions that have arisen to strengthen cybersecurity nationwide, the first being for company CEOs and boards of directors “to treat cyber risk as the existential business risk it is” and elevate it as a key to “good governance.”
The second is to make it “commonplace” routine awareness and adoption of cyber hygiene for everyone, Easterly said. These best practices include multifactor authentication, updates to software, and strong passwords, she said.
“I think it’s incredibly important that we start cyber awareness from the youngest of ages, because that will allow us to tap into a much more diverse pipeline for our cyber workforce,” Easterly said.
The third area is the need for secure software by design and default, she said, highlighting the need for a software bill of materials to increase transparency into software to illuminate its components and vulnerabilities.
“But I think we all know that the vast majority of compromises are because of poor cyber hygiene and insecure design,” Easterly said. “And in that context, technology intelligence is just as important as threat intelligence.”
In the medium-term the U.S. needs to win the technology innovation battle versus authoritarian regimes by investing in key technologies such as 6G wireless technology, quantum computing, and artificial intelligence, she said.
“Will we be the first to create a cryptographically relevant quantum computer or are we going to lose that race and that will threaten to unravel our most sensitive secrets,” Easterly said.