Top U.S. cyber agency enters its "head goalie" era
- Sam Sabin, author ofAxios Codebook
Photo illustration: Axios Visuals; Photo: Kevin Dietsch/Getty Images
The nation's cyber defense agency has finally found its footing as the go-to intermediary between private companies and the U.S. government to defend against major cyberattacks.
Why it matters: The Cybersecurity and Infrastructure Security Agency is the youngest U.S. agency, and it's faced several growing pains as it's put down roots in the federal government.
Between the lines: Director Jen Easterly told Axios she now prefers a different image than the previously established one of CISA as the "quarterback" of the federal government's cyber team. Now, she thinks of her agency as the goalie.
- "We've tried really hard to operate cohesively and coherently with our teammates. We're the head goalie," Easterly told Axios at the Silverado Annual Summit in Napa over the weekend. "At the end of the day, we're the cyber defenders."
Driving the news: CISA will be out in full force at RSAC this year, and some high-profile projects will likely be unveiled in the coming days.
- CISA is preparing a new public awareness campaign styled after "Schoolhouse Rock" — which the director has been pushing for years.
- CISA will release a pledge this week signed by tech companies promising to implement "secure-by-design" standards.
- Easterly is scheduled to sit on two panels during the conference. Eleven other CISA officials will also be speaking, while Homeland Security Secretary Alejandro Mayorkas will give a keynote address.
Catch up quick: When CISA was established five years ago, the agency faced several questions about how it would work with other agencies that were already tasked with investigating cyberattacks and nation-state threats.
- The agency has prioritized building trusted relationships with the FBI, the intelligence community, various regulatory agencies and the private sector to help answer those questions.
Zoom in: Part of the new "goalie" image also involves talking more publicly about the proactive defensive work CISA has been doing to detect malicious activity on critical infrastructure companies' systems.
- Similar to the Cyber Command's "hunt-forward" teams, CISA has its own domestic hunt teams that collaborate with critical infrastructure operators to scan their networks and eradicate any found intrusions.
- "It's not something we talk very much about," Easterly said, noting that these teams have been focused on malicious Chinese nation-state activity against American infrastructure for roughly a year now.
Yes, but: Easterly said that while CISA quadrupled the number of engagements it had between 2022 and 2023, there's certainly more work to be done to ensure that all operators are aware of the agency's work.
Threat level: Persistent Chinese threats to American infrastructure have made the agency's work even more consequential.
- Easterly said she has not seen any other nation-state groups mimicking China's Volt Typhoon operation; however, the changing nature of China's cyber activity in recent years has still been alarming.
- "We truly believe this is just the tip of the iceberg," Easterly said. "This threat is not theoretical. The threat is real, the threat is urgent."