CISA Views Critical Infrastructure and Cybersecurity Through Global Lens - AFCEA Signal Magazine

2023-09-29 16:12 (EST) - George I. Seffers

If an international coalition that includes multiple U.S. agencies gets its way, software manufacturers rather than their customers will be largely responsible for securing software used to defend critical infrastructures.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), the National Security Agency and the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, the Netherlands and New Zealand, jointly developed “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.” The first-of-its-kind joint guidance was announced in June and “urges manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default,” according to a CISA press release.

Kaitlin Jewell, CISA’s associate director of international affairs, said in a recent interview that her agency is committed to promoting a shift in the approach to cybersecurity. Jewell works with foreign partners to build CISA’s capacity and strengthen the U.S. government’s ability to globally defend against cyber incidents and enhance the security of critical infrastructure.

“We engage with the global community to ensure CISA is well positioned to understand how these emerging challenges overseas impact our domestic infrastructure and networks. We also work to build partnerships with peer nations to bolster collective defense against both adversaries and hazards and to assist emerging partner states as they build their own domestic capabilities to complement and expand that shared network defense,” Jewell explained in a recent SIGNAL Media interview.

She emphasized the value of the security-by-design-and-default approach. “CISA’s really committed to promoting a shift collectively on how we’ve been doing cybersecurity. Really what this means is shifting the burden of security away from the customer, shifting the burden for mitigating cyber risk to the most capable entities, the private and public sector, and particularly for CISA International, shifting how we promote this to international partners in our coordination efforts.”

The multinational guidance exemplifies the degree to which the United States and its international partners view critical infrastructure and cybersecurity through a global lens, Jewell said. “When we talk about the benefits of CISA International, we are increasingly at the forefront of efforts to shape the global policy ecosystem. That’s really ensuring that the U.S. and our partners speak with one voice on the development of international policies and standards. An example of that is secure-by-design, of course, and really ensuring secure and open networks and building resiliency to what are now shared challenges to infrastructure throughout the world.”

Security-by-design and -default is highlighted in the agency’s strategic plan for 2024-2026. “We must be clear-eyed about the future we seek, one in which damaging cyber intrusions are a shocking anomaly, in which organizations are secure and resilient, in which technology products are safe and secure by design and default. This is a shared journey and a shared challenge, and CISA, as America’s cyber defense agency, is privileged to serve a foundational role in the global cybersecurity community as we achieve measurable progress to our shared end state,” according to the strategy.
