The head of the Cybersecurity and Infrastructure Security Agency (CISA) said today that her team has plans to unveil its own international cyber strategy on the heels of the State Department’s release of its International Cyberspace and Digital Policy Strategy during the RSA Conference in San Francisco last week.
Secretary of State Antony Blinken on May 6 unveiled the Biden administration’s new international cybersecurity strategy, which focuses on building out digital solidarity with global partners to protect against adversaries like China and to advance the White House’s March 2023 National Cybersecurity Strategy.
“We will shortly be releasing our own cyber CISA international strategy, which is really our plan that will come with specific measurements of effectiveness,” Jen Easterly said during a May 13 CSIS event.
“We’ve tried to really drive CISA over the past several years to be a much more data-driven agency, because at the end of the day our job is to lead a national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day,” she said. “And what really matters is our ability to reduce that risk in a measurable way.”
Easterly said she hopes that in five years a cyberspace exists where “ransomware is a shocking anomaly.”
“The only way that we can get there is through robust, globally driven, public-private operational collaboration, and a technology ecosystem that is built, tested, delivered, and deployed to be secure. And that has to be an international endeavor,” she said. “That’s hopefully what we will all see in the coming years as a result of the great work of my teammates and our teams.”
The State Department’s new strategy lays out four areas of action to build digital solidarity: promoting a secure digital ecosystem, aligning “rights-respecting” digital approaches with international partners, building coalitions to counter malicious cyberattacks, and strengthening the cybersecurity resiliency of partner nations.
The final action area of the new strategy focuses on strengthening the cyber capacity of the United States’ international partners.
Specifically, the strategy notes that for fiscal year 2024, the State Department was granted $50 million for the Cyberspace, Digital Connectivity, and Related Technologies Fund, which allows the department “to provide rapid incident response and cyber aid quickly and effectively, as well as longer-term capacity and resilience building.”
“We’re going to treat the $50 million as pilot, and it’s incumbent upon us to ensure that it generates in the year ahead outsized foreign policy returns for the United States so that when the appropriators reconvene and are deciding what to do next year, it doesn’t get increased or decreased by 10 percent or 15 percent, but they decide that it’s worth an investment on the scale of multiple,” the State Department’s Ambassador at Large for Cyberspace and Digital Policy Nathaniel Fick said during the CSIS event today.
“Foreign assistance in that vein is one of the major principles that it’s a thread throughout the strategy,” he said. “We need to ensure that foreign assistance is a part of our technology strategy, that technology is a part of our foreign assistance strategy, and that security is baked throughout the whole thing.”
“These are pretty self-evident ideas,” he continued, “but it’s never been said and codified that way in a formal U.S. approach before.”
Another major thread of the new document is the deployment and use of AI technologies.
Easterly noted during today’s event that AI is “moving faster than any technology we’ve seen before – that it’s more unpredictable, and arguably more powerful.” And while it can be used for bad, the tool can also be used for good, she said.
The CISA director said that the agency just completed a pilot project and is planning to publish the results on how generative AI can be used for detection of cyber threats to infrastructure.
“We really need to ensure that even as these capabilities are developing, that they’re developing responsibly, that technology developers are innovating, but putting security as a top priority,” she said.
“We do want to marshal a collective, international, global strategy with allies and partners who are focused on ensuring the protection of civilian populations of civil society more broadly, but also recognize that civilian critical infrastructure should be off limits from malicious cyberattacks,” Easterly said.
“It’s just important to recognize the context that the strategy is being delivered in a world, frankly, that is more complex and more dynamic from a threat environment perspective, and I think it just puts an additional emphasis on how important it is to work with our allies and partners, for us all to bring the authorities, the talents, the capabilities together, working with the private sector, to really ensure the security and resilience of the cyberspace we all rely upon,” the CISA director said.