Government and Industry Are In It Together | EIE Keynote Address Recap

Government and Industry Are In It Together

Collaboration is key to defeating cyber-security threats, CISA leader says.

In the early days of the Cybersecurity and Infrastructure Security Agency, the people who led it often referred to CISA as “the nation’s risk adviser.” Three years on, the agency has outgrown the “adviser” label, a classification that the current leadership has deemed insufficient and not reflective of CISA’s “aggressive mission statement.”

“At the end of the day, our goal has to be that the country is at less risk of people exploiting our systems and undermining government and critical infrastructure,” said Bob Kolasky, Director of CISA’s National Risk Management Center. Kolasky reviewed the cyber threat landscape during his keynote address at the inaugural AFCEA Bethesda’s Energy, Infrastructure and Environment Summit at the National Press Club, in Washington, D.C.

The EIE Summit was held on Nov. 16, the three-year anniversary of CISA’s founding.AFCEA Bethesda seeks to solve critical IT challenges by strengthening partnerships between the federal government and industry partners.

The shift in CISA’s framing of its mission mirrors an uncomfortable reality. There has been a sharp uptick in cybersecurity threats –in volume, sophistication and the potential for widespread damage. As threat levels have escalated, however, the country’s ability to prevent and respond to potential cyber breaches hasn’t always kept pace.

“We’re not where we need to be as a country,” Kolasky said. “We need to change that.”

Director Kolasky ticked off the most severe cybersecurity threats and adversaries, a list that read like a roll call of the usual suspects: nation states (Russia, China, Iran, North Korea), cyber criminals harbored by those governments, extortionists motivated by financial gain, adversaries trafficking in ransomware, bad actors seeking to compromise identities, and supply chain threats.

When those adversaries breach cyber defenses, the subsequent harm spreads“to communities and businesses around the country and have a cascading impact to citizens,” Kolasky said. Earlier this year, a ransomware attack on Colonial Pipeline, reported to be the largest-ever cyberattack on an oil infrastructure in the United States, led to disrupted operations, fuel shortages, panic buying and Pres. Biden’s declaring a state of emergency.

To counteract those threats, CISA is “taking a series of steps that are beginning to bear fruit,” among them renewed efforts to work with industry partners, Kolasky said. He called on entities in the public and private sectors to redouble efforts to collaborate on the shared goal of defeating cybersecurity threats.

“Let’s minimize interagency disputes. Let’s make cyber a team sport,” he said. “Government and industry are in it together.”