Homeland Security Committee hears Jen Easterly on current cybersecurity posture in defending critical infrastructure

The U.S. Homeland Security Committee hosted a subcommittee hearing last week as it works on evaluating the President’s Fiscal Year 2024 budget request. The meeting comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has requested US$3.1 billion, a $145 million increase over the FY 23 enacted funding level. The meeting provided Jen Easterly, CISA director, an opportunity to lay out her views on the agency’s evolution and where it needs to grow and mature by 2025.

“The dialogue we have during this hearing will help inform our committee’s review of the budget, particularly the new programs CISA proposes within, including the evolution of the National Cybersecurity Protection System,” Andrew Garbarino, a Republican from New York and chairman of the Subcommittee on Cybersecurity and Infrastructure Protection, said at the Committee meeting. Easterly was a witness at the Subcommittee on Cybersecurity and Infrastructure Protection hearing entitled, ‘CISA 2025: The State of American Cybersecurity from CISA’s Perspective.’

At the meeting, Easterly discussed the country’s cybersecurity posture, emphasizing the importance of collaboration between public and private organizations in safeguarding critical infrastructure. The hearing also follows up on last month’s meeting hosted by the Homeland Security Committee, where industry leaders provided their perspective on the state of American cybersecurity and how CISA has developed since its creation five years ago.

Garbarino said in his opening remarks that he was glad that “we will hear directly from CISA Director Jen Easterly on her views on CISA’s evolution and where it needs to grow and mature by 2025.”

“In our last hearing, there were some common themes from our witnesses that I hope to further explore with Director Easterly this afternoon,” Garbarino commented. “First, we learned that CISA must work with industry and interagency partners to ease the compliance burden that industry faces from duplicative regulation. It’s clear that our nation must increase resilience to cyber risk across the board, particularly within our critical infrastructure sectors. But, we must find the right balance between regulatory burden and improving security outcomes.”

“We also heard a lot about one of CISA’s newest initiatives: the Joint Cyber Defense Collaborative, or JCDC,” according to Garbarino. “We heard that JCDC has the potential to be a value-add to the private sector but additional transparency around its mission and processes would benefit both JCDC and industry. Finally, and perhaps most foundationally, we heard about the need for a robust cybersecurity workforce. We need not only enough people but the right people with the right skills, in the right jobs. This is one of my top priorities this Congress and I am looking forward to hearing Director Easterly’s perspective on how CISA can best contribute to the development of our national cyber workforce,” he added.

In her testimony, Easterly said that as the nation’s cyber defense agency, CISA is charged with leading the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every hour of every day. “Securing our Nation’s critical infrastructure is a shared responsibility requiring not just a whole-of-government, but a whole-of-Nation approach.” 

“CISA is only able to accomplish our mission by building collaborative, trusted partnerships across all levels and branches of government, the private sector, academia, and the international community,” according to Easterly. “CISA’s Joint Cyber Defense Collaborative (JCDC), for the first time, enables the government, the private sector, and U.S. international partners to come together to develop joint cyber defense plans and enable real-time information sharing.” 

As part of this mission, CISA plays two key operational roles, as Easterly outlined. “First, we are the operational lead for federal cybersecurity, charged with protecting and defending Federal Civilian Executive Branch (FCEB) networks (e.g., the ‘.gov’), in close partnership with the Office of Management and Budget, the Office of the National Cyber Director, and agency Chief Information Officers and Chief Information Security Officers. Second, we serve as the coordinator of a national effort for critical infrastructure security and resilience, working with partners across government and industry to protect and defend the nation’s critical infrastructure. In both roles, CISA leads incident response to significant cyber incidents in partnership with the Federal Bureau of Investigation (FBI) and the Intelligence Community,” she added. 

Looking forward to CISA’s 2023 and 2024 priorities, Easterly said that “CISA will remain focused on strengthening our Nation’s cyber and physical defenses. We will work closely with our partners across every level of government, in the private sector, and with local communities to protect our country’s networks and critical infrastructure from malicious activity and will continue to share timely and actionable information, intelligence, and guidance with our partners and the public to ensure they have the tools they need to keep our communities safe and secure and increase nationwide cybersecurity preparedness.”

She added that CISA continues to make critical investments in its mission-enabling activities and functions that will mature the agency and better support the execution of its operational capabilities. “CISA’s Mission Support program provides enterprise leadership, management, and business administrative services that sustain day-to-day management operations for the Agency. This is essential to ensure we can hire a diverse and talented workforce and execute our missions with the technology and speed that keep us ahead of our adversaries.” 

“CISA is also focused on the work we must do to implement the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA),” Easterly said. “CISA must ensure that it has the staffing, processes, and technology capabilities in place to successfully implement and utilize information provided through CIRCIA. We must engage in additional outreach efforts regarding the notice of public rulemaking and the planning efforts required to educate covered entities and CISA stakeholders on the cyber incident reporting requirements, reporting protocols, and reporting methods, as well as voluntary reporting options.” 

Apart from the rulemaking process, “CISA must ensure we can receive, manage, analyze, secure, and report on incidents reported under CIRCIA, maturing our current ability to receive and analyze incident reports, manage incidents, coordinate with and notify the interagency, and implement incident data protection functions required by CIRCIA,” Easterly added.

Easterly also outlined that new efforts at the Cybersecurity Division (CSD), which spearheads the national effort to ensure the defense and resilience of cyberspace, will include initiating the Joint Collaborative Environment (JCE) to enable CSD to develop an internal analytic environment that provides more efficient analysis of mission-relevant classified and unclassified data through automation and correlation to identify previously unidentified cybersecurity risks. “The JCE enables CSD to fulfill its mission and better integrate cyber threat and vulnerability data that CISA receives from our federal, SLTT, and private sector stakeholders, and rapidly work with those stakeholders to reduce associated risk.”

“To effectively execute our role as the operational lead for federal civilian cybersecurity, CSD must maintain and advance our ability to actively detect threats targeting federal agencies and gain granular visibility into the security state of federal infrastructure,” Easterly wrote. “To effectuate these goals, CSD continues to mature the National Cybersecurity Protection System (NCPS) and Cyber Analytics Data System (CADS).”

In the coming year, Easterly said that portions of the NCPS will transition to the new CADS program with intrusion detection and intrusion prevention capabilities remaining under the legacy program. “CADS will provide a robust and scalable analytic environment capable of integrating mission visibility data sets, visualization tools, and advanced analytic capabilities to cyber operators.” 

Together with the Continuous Diagnostics and Mitigation (CDM) program, these programs provide the technological foundation to secure and defend FCEB departments and agencies against advanced cyber threats, Easterly said. “CDM enhances the overall security posture of FCEB networks by providing FCEB agencies and CISA’s operators with the capability to identify, prioritize, and address cybersecurity threats and vulnerabilities, including through the deployment of Endpoint Detection and Response (EDR), cloud security capabilities, and network security controls.”

Easterly also outlined the National Risk Management Center (NRMC), which develops analytic insights to identify and advance risk mitigation opportunities that improve national security and resiliency across critical infrastructure sectors. “These analytic products support investment and operational decision-making throughout the public and private sectors. The NRMC will continue two critical efforts related to SRMAs and National Critical Function (NCF) Analytics in the coming year,” she added.

“First, the NRMC will continue to expand risk analysis and risk management across high-priority critical infrastructure sectors. This risk analysis provides insight into cross-sectoral risk and significant sector-specific risks to support all of CISA in routinely identifying and prioritizing focused risk management opportunities to create tangible risk reduction outcomes,” Easterly said. “Second, the NRMC will continue our NCF efforts to enhance analytic capabilities, including methodology and framework development to identify and characterize critical infrastructure interdependencies within and across NCFs. This includes applied analysis to meet specific analytic requirements in the infrastructure community to enable CISA to understand consequences that extend beyond a single sector.”

In her testimony, Easterly also covered CISA’s Infrastructure Security Division (ISD), which leads and coordinates national programs and policies on critical infrastructure security, including conducting vulnerability assessments, facilitating exercises, and providing training and technical assistance. “ISD’s mission focuses on efforts such as reducing the risk of targeted violence directed at our Nation’s schools, communities, houses of worship, and other public gathering locations. In addition, ISD leads programmatic efforts to secure our Nation’s chemical infrastructure through implementation of the Chemical Facility Anti-Terrorism Standards (CFATS) regulation, authority for which is expiring on July 27, 2023,” she added.

Last week, Homeland Security Committee members wrote to Easterly requesting details on reported plans to establish a new program office to identify ‘systemically important entities’ (SIE) by the end of September. The initiative seeks to identify the most vulnerable critical infrastructure entities across the country. The members have also sought clarity on whether these goals complement, replace, or are duplicative of existing efforts already underway in the agency to identify and mitigate systemic risk.
