When the United States government founded the Cybersecurity and Infrastructure Security Agency (CISA) in 2018, it marked a significant step toward combating digital threats. CISA's key initiatives, Secure By Design-Default and the Joint Defense Cyber Collaborative (JCDC), aim to improve national cybersecurity by fostering collaborations between the public and private sectors.
On June 12th, 2023, CISA director Jen Easterly spoke with the head of Aspen Cyber, Jeff Greene, to discuss CISA’s cybersecurity priorities for 2023. The event was hosted by the Aspen Institute, an international nonprofit organization founded in 1949. Their mission is to drive "change through dialogue, leadership and action to help solve the most important challenges facing the United States and the world."
We had the opportunity to listen to their conversation and wanted to share her top priorities and the trends Jen is watching closely. You can watch the full live stream here.
Security by Design-Default
When assessing the cybersecurity threat landscape, CISA recognized the need for a novel approach to stay ahead of malicious actors. Jen explains that the underlying cause of breaches is technological vulnerabilities and cultural issues. She emphasizes, “We’ve accepted that we have to constantly update our software, constantly patch and we’ve accepted that the cybersecurity burden is placed on individuals and small businesses who are least aware of the threat and least capable of defending themselves.”
In response to these persistent tech vulnerabilities and the mounting cybersecurity threat, CISA believes that the most effective strategy is adopting a Security by Design-Default approach to all tech products. Security by design ensures that tech manufacturers build thoroughly developed, tested and deployed products using memory-safe code to reduce the number of flaws.
Security by default implies baking security features directly into the product, so companies don’t have to think about it. For example, this could mean automatically enabling multifactor authentication instead of making it optional.
Election security
With the midterm elections on the horizon, Jen emphasizes the need for equipping local election sites with the tools and training to handle physical incidents. She asserts, “CISAs mission is to reduce risk to the cyber and physical infrastructure that Americans rely on every day.” CISA aims to equip local electoral sites with the tools and training to de-escalate a physical incident if one were to occur.
CISA also believes voter education is critical to election security. Elections differ across states and regions, so when voters understand the process, they’re helping improve the safety of our elections both physically and through the information spread.
| Speak to a Highwire security expert |
Securing AI
While artificial intelligence (AI) has transformed how we work today, Jen points out that as our proficiency and knowledge of AI grow, so do threat actors' capabilities to commit sophisticated cybercrimes.
Jen emphasizes the importance of adopting the Security by Design-Default approach to build security-first AI solutions. Ultimately it’s up to those who create AI solutions to do it responsibly and securely. She is also clear that countries such as China, which are key players in the AI arena, must be included in discussions about AI security to help minimize the global risk of AI.
Protecting against China
Adversaries, like China, are no longer focused on espionage. Their strategy has shifted toward disruption and destruction. Jen highlights a recent statement by China, which she believes didn’t get enough attention: “In the event of a conflict, China will use aggressive operations to go against critical infrastructure.” She urges us to prepare for this very real threat.
China’s strategic advantage isn’t rooted in complex hacking techniques but rather in the use of native computer processors to infiltrate networks. The US must proactively respond to these threats by strengthening defenses around critical infrastructure.
Looking ahead
As we move further into 2023, it's clear that Security by Design-Default, election security, AI and cybersecurity challenges posed by China will take center stage. Stay informed as these trends continue to evolve and share the security industry.
To learn more about Highwire’s cybersecurity practice and our onsite conference support services, visit our website today.
