CISA director: Cybersecurity is ‘not an impossible problem’

LAS VEGAS — Despite a stream of devastating cyberattacks or mistakes that halt or disrupt large swaths of the economy, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, says the war against malicious activity is not lost.

It is possible to elevate organizations’ ability to repel or mitigate attacks and place a greater emphasis on vendors’ responsibilities, Easterly said Wednesday during a media briefing at Black Hat. “We got ourselves into this, we have to get ourselves out,” she said.

Easterly’s optimism isn’t the result of blind trust. “We have made enormous progress, even just over the past several years,” she said.

The U.S. government has strengthened connections with businesses and international partners, and more CEOs and boards are treating cyber risk as a core business function. They’re embracing corporate cyber responsibility as a matter of governance, rather than relegating it to IT professionals and security leaders, Easterly said.

But above all else, CISA’s secure by design initiative holds the greatest promise in the fight against malicious activity, according to Easterly. CISA’s most aspirational objective since Easterly joined the agency in 2021 aims to shift the responsibility for security from customers to vendors.

“I think the war will be won when we are truly able to catalyze an approach to secure by design software. That is the one key initiative that we all need to focus on deliberately and it’s a really hard problem,” Easterly said.

The secure by design principles, first introduced in April 2023, took the form of a voluntary pledge in May with 68 technology companies signing on to embrace secure development practices. Nearly 200 companies have signed the pledge to date.

To read the complete article, visit Cybersecurity Dive.