[TheRecord] CISA Director tells new Advisory Committee she wants more than just talk

The Cybersecurity and Infrastructure Security Agency’s new Cybersecurity Advisory Committee kicked off Friday with a meeting that focused on the importance of building functional cooperation between the public and private sectors to defend U.S. networks.

“I welcome this group creating action,” CISA director Jen Easterly told the group, adding that she didn’t want it to just be a “talking club.” Instead of lengthy white papers, Easterly said she hopes the committee will produce short action plans that can be implemented. 

Easterly announced the committee’s twenty-three members, who are largely drawn from the private sector, at the beginning of December.

Mastercard chief security officer and committee chair Ron Green emphasized how much of the infrastructure related to protecting the U.S. is in private hands, as did vice chair Tom Fanning, the chief executive of major gas and electric utility Southern Company.

“We have to reimagine in America the notion of national security,” Fanning said. “The battles of today and in the future are going to be fought partially on our financial systems, our electrical grids, and so many other systems we aren’t used to,” he added.

Easterly noted how her agency was already working to prioritize addressing this challenge—including through the creation of the committee and a Cyber Talent Management System aimed at recruiting technical talent to the agency, as well as the Joint Cyber Defense Collaborative with major companies announced at the Black Hat security conference in August. 

The director cited her attendance there as part of an effort to “ignite” the hacker community and noted the inclusion of Jeff Moss, the founder of that conference and DEF CON who is also known by the handle Dark Tangent, in the committee. 

During the meeting, Moss said the government needed to do a better job providing on-ramps for altruistic hackers who want to help contribute to global safety. But he also cautioned that there’s a lot of resistance within that community to being associated with the U.S. military or intelligence operations, so the group should be thoughtful in their outreach.

“We should be very careful in using non-military language. You’re not a cyberwarrior, you’re not on the cyber kill chain, you’re not dropping digital bombs–you’re protecting civil society,” he said.  

Many hackers still would be unlikely to trust CISA as an institution, but over time the agency could build its reputation by bringing in individuals who already have the trust of that community, Moss said.

The post CISA Director tells new Advisory Committee she wants more than just talk appeared first on The Record by Recorded Future.
