Axios Codebook

May 07, 2024
Happy Tuesday! Welcome back to Codebook.
- ❤️ Thanks to all the readers who came to our event during the first night of the RSA Conference yesterday. It means so, so much to see you all in person.
- 📬 Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,340 words, a 5-minute read.
1 big thing: CISA enters its "head goalie" era
The nation's cyber defense agency has finally found its footing as the go-to intermediary between private companies and the U.S. government to defend against major cyberattacks.
Why it matters: The Cybersecurity and Infrastructure Security Agency is the youngest U.S. agency, and it's faced several growing pains as it's put down roots in the federal government.
Between the lines: Director Jen Easterly told Axios she now prefers a different image than the previously established one of CISA as the "quarterback" of the federal government's cyber team. Now, she thinks of her agency as the goalie.
- "We've tried really hard to operate cohesively and coherently with our teammates. We're the head goalie," Easterly told Axios at the Silverado Annual Summit in Napa over the weekend. "At the end of the day, we're the cyber defenders."
Driving the news: CISA will be out in full force at RSAC this year, and some high-profile projects will likely be unveiled in the coming days.
- CISA is preparing a new public awareness campaign styled after "Schoolhouse Rock" — which the director has been pushing for years.
- CISA will release a pledge this week signed by tech companies promising to implement "secure-by-design" standards.
- Easterly is scheduled to sit on two panels during the conference. Eleven other CISA officials will also be speaking, while Homeland Security Secretary Alejandro Mayorkas will give a keynote address.
Catch up quick: When CISA was established five years ago, the agency faced several questions about how it would work with other agencies that were already tasked with investigating cyberattacks and nation-state threats.
- The agency has prioritized building trusted relationships with the FBI, the intelligence community, various regulatory agencies and the private sector to help answer those questions.
Zoom in: Part of the new "goalie" image also involves talking more publicly about the proactive defensive work CISA has been doing to detect malicious activity on critical infrastructure companies' systems.
- Similar to the Cyber Command's "hunt-forward" teams, CISA has its own domestic hunt teams that collaborate with critical infrastructure operators to scan their networks and eradicate any intrusions they find.
- "It's not something we talk very much about," Easterly said, noting that these teams have been focused on malicious Chinese nation-state activity against American infrastructure for roughly a year now.
Yes, but: Easterly said that while CISA quadrupled the number of engagements it had between 2022 and 2023, there's certainly more work to be done to ensure that all operators are aware of the agency's work.
Threat level: Persistent Chinese threats to American infrastructure have made the agency's work even more consequential.
- Easterly said she has not seen any other nation-state groups mimicking China's Volt Typhoon operation; however, the changing nature of China's cyber activity in recent years has still been alarming.
- "We truly believe this is just the tip of the iceberg," Easterly said. "This threat is not theoretical. The threat is real, the threat is urgent."
2. U.S. roadmap to cyber diplomacy
The State Department released its highly anticipated international cyber strategy at the RSA Conference yesterday.
Why it matters: The strategy sets the tone for how the U.S. tackles international cyber diplomacy efforts, including conversations with allied nations about cyber norms, sanctioning ransomware gangs and establishing data governance policies.
What they're saying: "The choices that we make today, that you make today, will be decisive, and they will reverberate for generations," Secretary of State Antony Blinken said during a keynote speech yesterday.
Zoom in: The Biden administration's new international cyber strategy lays out several action areas that will be core tenets of State's cybersecurity and tech policy work.
- Those commitments include maintaining an open and resilient digital ecosystem, aligning data governance policies across allied nations, establishing cyber norms, and building out international government partnerships in cybersecurity.
- The strategy also lays out practical efforts the State Department will take to secure telecommunications networks and engage with civil society and nongovernmental organizations, and it details partnerships the department is undertaking to help counter disinformation.
Threat level: The strategy also names China as the "broadest, most active, and most persistent cyber threat to government and private sector networks in the United States."
Catch up quick: State has been building out its new cyber diplomacy bureau for roughly two years, and the new strategy further formalizes the bureau's priorities list.
Between the lines: It's extremely rare for the secretary of state to appear at RSAC — underscoring how important the department considers the private sector's role in implementing the international cyber strategy.
- The Biden administration recently started backing a set of investment principles established by Paladin Capital Group that are aligned with the strategy.
- CISA has also worked with the State Department to promote its "secure-by-design" principles around the world.
What's next: The strategy teases that the U.S. Agency for International Development (USAID) is working on its own digital policy.
3. Bringing "secure-by-design" a step forward
Several major technology providers are expected to sign onto CISA's "secure-by-design" pledge during the RSA Conference this week.
Why it matters: The pledge is a "recognition" across both the private and public sectors that security flaws in technology are "enabling attackers to have their ways with us," Brandon Wales, the executive director of CISA, told Axios on Monday.
Driving the news: More than 60 companies are expected to sign the pledge at the conference tomorrow promising to build stronger security into their software from the very beginning of production, the Wall Street Journal reported yesterday.
- Those companies include Microsoft, Google, Amazon Web Services, IBM, Cisco and Palo Alto Networks.
The big picture: The government is using every tool it has at its disposal to inch toward the administration's goals of establishing mandatory minimum cybersecurity standards, Wales said.
- That toolbox includes a mix of regulatory authorities that previously weren't used fully, voluntary tools like the "secure-by-design" pledge, and other public-private partnerships.
- "It may not be enough, but we're going to use every tool we have, and we're going to continue to push Congress to say more needs to be done here," Wales said.
Between the lines: Wales argued that baking security into devices and software from the beginning of development can help offset nation-state attacks.
Yes, but: The pledge isn't an enforceable document and relies on companies following through on the promises they're making.
What's next: More details about the pledge and how companies will enforce these principles throughout their organizations are expected during this week's signing event.
4. Catch up quick
@ D.C.
🇨🇳 China reportedly attempted to hack a payroll system at the U.K. Ministry of Defence in at least two attacks that exposed employees' names and bank details. (Sky News)
✍🏻 President Joe Biden is expected to sign a bill into law this week that would modernize and streamline how child sexual abuse material is reported to the National Center for Missing and Exploited Children. (NBC News)
🗣️ The White House has started conversations with software developers about the best ways to incentivize companies to prioritize cybersecurity and potentially make those companies liable for attacks. (Nextgov/FCW)
@ Industry
👀 Microsoft is overhauling its internal production processes to prioritize cybersecurity after a series of nation-state attacks. (Axios)
🤖 Google unveiled a new set of products that brings generative AI into its threat intelligence. (The Verge)
🧳 AT&T has spun out its cybersecurity services business and formed a joint venture called LevelBlue focused on managed cyber services. (Dark Reading)
@ Hackers and hacks
🔍 The LockBit ransomware gang's seized darknet site was unexpectedly resurrected over the weekend. (The Record)
💻 A pair of far-right media outlets' websites were hacked and defaced late last week. (CyberScoop)
⚠️ The City of Wichita is facing a ransomware attack that prompted the government to shut down some of its systems. (KSN-TV)
5. 1 fun thing
The marketing madness is out in full force around San Francisco's Moscone Center — including fun, interactive displays (like KnowBe4's claw machine); a "Tortured Security Department" T-shirt giveaway; and rumors that Meghan Trainor, Duran Duran and Third Eye Blind are performing at different vendor parties 👀.
- At RSAC this week? Be sure to send me all the gossip and weird sightings from the ground by replying to this email 🫡.
🌉 See y'all Friday!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.