Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs announced the agency’s strategic intent last month at Auburn University, but what does that strategy look like in action?
Krebs answered that question at the Billington Cybersecurity Summit Sept. 5 when he highlighted malware, election security, and cybersecurity community engagement as critical initiatives that CISA is tackling through its strategic intent focus.
CISA’s strategic intent principles are oriented toward several goals: making the agency an advisor to allies; providing authorities and support to partners with an emphasis on results; privacy protection; and sharpening the definition of critical risk. Behind those principles is the unifying idea of “defend today, secure tomorrow,” Krebs said.
The CISA director focused on two key issues – election security and combating malware – during his remarks on Sept. 5.
“Thinking forward on ransomware threats on voter registration databases – what’s the worst case scenario two weeks in advance of an election,” Krebs asked. “It would seem to lock up a registration database. … Now let’s work with every state and help secure their voter registration database to ensure that it is not horrible to a ransomware attack. That’s about secure tomorrow.”
Pushing up operational capabilities, reducing duplicative work, and being more attentive to partners’ needs are among CISA’s priorities on election security, Krebs said. He cited a George Washington quote – “listen, learn, help, lead” – to explain CISA’s ethos in tackling election security.
“In 2016 we were listening – what do they need?” Krebs said. “We were learning how election security happens in the state and local level. We helped in 2018. We provided them information, training, exercises, capabilities. [For] 2020, we’re leading. We’re not going to let the Russians come back or not going to let the Chinese [interfere]. We’re going to be ready.”
Krebs called on the cybersecurity community to “preach, plan, [and] participate” as it engages with the election community to relay best practices, and help realize CISA’s “secure tomorrow” objective.
“Actually be a part of the election process,” Krebs urged. “Everybody in here owns part of this process, and it’s in the participation part supporting it. And this is something that everybody has an ultimate objective in defending democracy, whether it’s in a day job as a technologist or cybersecurity professional, or just as an American voter, and something I think we all can do,” he said.