As the Federal government continues to focus on boosting the nation’s cybersecurity hygiene, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Nov. 18 that visibility and modernization are the keys to improving the nation’s cybersecurity posture.
At Palo Alto Networks’ Public Sector Ignite conference, Easterly said those are two points she and CISA have been emphasizing in conversations with both Federal and public sector partners.
“You know if you can’t see it, you can’t defend it,” Easterly said at the event. “We’re working to really centralize visibility to improve detection of incidents across Federal government networks. … I mean it’s a pretty easy concept to say, ‘If you can see, you can defend it,’ but it’s much harder to implement at the end of the day.”
Easterly joked that she often ribs United States Cyber Command Chief Gen. Paul Nakasone that he has a “much easier” job defending the Department of Defense’s networks than CISA does overseeing Federal civilian agency networks which constitute a “patchwork” of 102 different Federal and tribal agencies and departments.
“There’s a lot to do to figure out how we’re going to be able to increase visibility,” Easterly said. “So, we’re doing that through instantiating endpoint detection and response capabilities; we’re doing that through our Continuous Diagnostics and Mitigation program; we’re leveraging new authorities that we got to allow us to hunt persistently on Federal government networks. … And I think all of that is going to get us in a better place.”
Easterly also pointed to other strategies CISA is putting in place to enhance visibility on Federal networks, like making the move to a zero trust architecture, looking to focus on object-level data, moving towards secure cloud services, and improving investigation and remediation techniques. However, Easterly also noted that modernization will be a driving factor in getting the capabilities to increase visibility.
“At the end of the day, I just want to meter expectations a little bit,” she said. “This is a huge amount of work to do. We are going at it very aggressively, but a lot of this is ensuring the investments are made.”
“Visibility is one word; the other word is modernization” Easterly said. “And that also is going to take a lot of work across the board. But I am more optimistic and hopeful about this path forward than I have been probably ever.”