CISA Head Speaks to Cybersecurity Threat and Emergency Management’s Role

While attending the Idaho Office of Emergency Management’s Annual Preparedness and Cybersecurity Conference, the third day was dedicated to cybersecurity. One very high-level presenter was Brandon Wales, executive director, Cybersecurity and Infrastructure Security Agency (CISA).

Below are some cryptic notes taken while he was speaking.

There is a need for EM to be involved in cybersecurity.

Current threat environment:

• Highest ever in his 20 years of working the issue
• Growing threat from nation threat advisories, even at the unclassified level. The annual threat assessment points to China and their ability to disrupt and destroy critical infrastructure. Assessment from intel community is they have the ability to do this today. Only purpose to be prepared for a future disruptive attack. We need to work to keep them out and when that fails, we need a response capability. What is our response capability? There is a role for emergency management to help orchestrate the response to disruptions. In a war with China their plan is to disrupt our supply chain and attack critical infrastructure here in the USA to create chaos. They already have that capability in place TODAY!
• Growing threat of criminal organizations. There is a specialization among them. Working on tools and lowering the barriers to gaining entry. Ransomware, no one is too small: cities, police departments, hospitals. They operate from countries that offer safe harbor.

Our CISA Strategy

• Address immediate threats. Be prepared to respond. Disclose vulnerabilities when discovered. Co-partnerships with companies and universities to find the problems before they have been attacked. 1,250 companies notified that they were compromised before they were actually acted upon.
• Need organizations and people to report when they are being impacted. It helps the broader ecosystem of organizations. Early reporting of what is happening on their network is essential. You can also benefit from others doing their reports.
• Working on regulation for mandatory regulation for critical infrastructure to report attacks. That regulation will roll out in early 2024.
• What can we do to beef up our infrastructure? Know what the vulnerabilities are that are currently being attacked.
• Programs designed to protect aspects of our infrastructure. We can look for those vulnerabilities and notify organizations before they are compromised. All this has been authorized by Congress.
• Ransomware attackers don’t care about if the organization is large or small.
• Working to provide information via advisories as information is gained. Gone all in on sharing information. Protective Security Advisers (PSAs) are there to support you. They are located throughout the nation.
• Goal is to drive security at scale. Our adversaries have too many opportunities. What can we do to build a more secure infrastructure. Security has for too long not been a priority when designing software.

Building a cybersecurity workforce is everyone’s responsibility.

Classes of devices are being used that are creating risk. The cloud computing and file sharing process for moving data is one such risk that needs to be locked down.