CISA Director: Tech industry should infuse security at product design stage – Cybersecurity Dive

Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.
Easterly acknowledged the nation is in a very intense threat environment with a number of recent challenges, including the Log4j vulnerability and other security concerns. However, by working together against sophisticated adversaries, Easterly argued the U.S. can make it very expensive and uncomfortable for threat actors to launch major attacks against the nation. 
“Attackers have budgets too,” Easterly said. “We have to work together to make sure we are increasing the marginal cost of their investment.”
Easterly, followed by National Cyber Director Chris Inglis, kicked off the first post-pandemic reunion at the summit, where key cybersecurity leaders from the federal government gathered with private industry security leaders and other key stakeholders. 
CISA’s director praised Biden administration efforts to make cybersecurity a national priority. Those efforts were fueled in large part by catastrophic events like the SolarWinds supply chain attack, attributed to a Russia-backed threat actor, as well as by a series of major ransomware attacks against critical infrastructure providers, including Colonial Pipeline and meat supplier JBS USA
Easterly also said the aim is to develop a real partnership with private industry, encourage greater interaction between various government agencies and facilitate more collaboration with foreign allies. 
A stakeholder call was scheduled for this afternoon with cybersecurity counterparts at the National Cyber Security Centre in the U.K., said Easterly. The U.K. has dealt with recent ransomware attacks against the National Health Service and a large water supplier.
 
Get the free daily newsletter read by industry experts
Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.  
The latest incident at Marriott is relatively minor compared to major breaches in late 2018 and early 2020, but it signals a pattern of neglect.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Share your announcement
Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.  
The latest incident at Marriott is relatively minor compared to major breaches in late 2018 and early 2020, but it signals a pattern of neglect.
The free newsletter covering the top industry headlines

source

Leave a Comment