US ‘can’t PSA our way out’ of cyber vulnerability, CISA director says

CISA Director Jen Easterly, shown here giving testimony at an April 2022 budget hearing, wants corporations to take more responsibility for their cybersecurity. Kevin Dietsch/Getty Images

Speaking during a Cybersecurity Advisory Committee meeting, CISA Director Jen Easterly noted that corporate responsibility for cyber must stand “as a matter of good governance.”

Increased corporate responsibility and critical infrastructure protection for cybersecurity are two items the Cybersecurity and Infrastructure Security Agency will continue to prioritize as a means to secure digital networks across the country. 

During a Thursday Homeland Security Department meeting of the Cybersecurity Advisory Committee (established in June 2021 to provide agency leaders with guidance on cyber issues and composed of CISA director-appointed experts from outside government), CISA Director Jen Easterly walked the members through her agency’s upcoming national cyber defense priorities in conjunction with CSAC recommendations.

Easterly and CSAC members concurred on the importance of further safeguarding the digital networks of critical infrastructure, such as schools, hospitals and local election offices, both through the expertise of newer CSAC members and also through further promotion of CISA’s Shields Up public service support. 

Despite the utility of resources and PSAs, Easterly noted that one of CISA’s continuing goals will be to shift more accountability for cybersecurity onto corporate leadership and embed strong cyber defense in the daily operational practices for all sectors.

“While cyber hygiene is important, we can’t PSA our way out of this,” she said. “CEOs and boards must embrace cyber risk as a matter of good governance and as a matter of business.”

Easterly’s position on ensuring private sector entities keep up with recommended cybersecurity practices follows her previous assertions that unsafe tech products are causing cyber vulnerabilities in the U.S., as well as a multi-agency push for developers to employ a secure by design approach when creating new technologies, a pillar within the National Cyber Strategy released by the White House in March. 

“It's always going to be Shields Up all the time,” she said on Thursday’s call. “So [we] really need to understand the gradation of the threat, whether it's the ongoing threat of ransomware or the epoch-defining threat of China, not just for data theft but for disruptions [and] destruction.”

Easterly added that more work on this campaign will allow CISA and the federal government to give American citizens “the right signals” to be properly prepared on a cybersecurity front. She confirmed that “systemic resilience” is at the core of CISA’s mission to foster a stronger culture of cybersecurity in U.S. organizations and particularly within federal agencies.