Chris Krebs, who led the Cybersecurity and Information Security Agency (CISA) from 2018 to 2020, said today that his vision for the Federal government’s next leap forward on the technology front involves creating a new “U.S. Digital Agency” that would combine elements of CISA and several other existing agencies to create an organization “focused on empowering better digital risk management services.”
The former CISA director laid out his vision for that type of new Federal agency during a keynote address at the Black Hat USA 2022 event in Las Vegas.
Krebs, who co-founded his own Krebs-Stamos Group firm after departing CISA, is also a Senior Newmark Fellow at the Aspen Institute.
He said today that he plans to work on the new digital agency concept in cooperation with Aspen, and that he takes inspiration in the effort from Federal government reorganizations led by President Franklin Roosevelt shortly before World War II. Those moves, he said, aimed “to make a government of the people that works for the people.”
On one side of a spectrum of ideas for structural change, Krebs said that the U.S. Digital Agency “could take elements of CISA, elements of NIST (National Institute of Standards and Technology) and NTIA (National Telecommunications Information Administration), the Department of Energy and the National Labs, maybe bits and pieces of the FTC (Federal Trade Commission) and the FCC (Federal Communications Commission), but make an agency that’s focused on empowering better digital risk management services.”
“I’m not just talking about cyber,” he said. “I’m talking about privacy, I’m talking about trust and safety issues,” he said.
“We’re not where we need to be and we’re falling behind, and Americans are suffering as a result,” Krebs said.
He also said he does not have “a whole lot of confidence right now that this Congress can get that done, can get something as broad and envisioning as an effort like that,” and as a result, “we’re going to have to look at different possible outcomes.”
Likewise, Krebs said he was “not naive enough to think that slight course corrections of individual agencies is going to be enough.”
On the other side of the idea spectrum, Krebs continued, “could be something as simple as pulling CISA out of the Department of Homeland Security, as a sub-cabinet agency, allowed to operate as an operational agency on its own.”
“We also have to kind of think through what are we prioritizing for what are we optimizing for,” he said. “Is it public-private partnerships? Is it a regulatory framework? We have to take a harder look at the way we’re organized.”
“I’m ready to make the argument that the digital environment around us has changed so dramatically in the last 25 years, while our government hasn’t kept up pace, has lagged, is slow.” He said. “The slope lines don’t have the same trajectory. I think it’s time to rethink the way government interacts with technology.”
“I think we have to take a hard look at the way we’re organized and make a smarter, more efficient, more organized government, and I’m ready to lead that charge,” he said.
Speaking of CISA in its present form, Krebs said he wants to see the government invest more in the agency to “make it easier, less complex for organizations to work with.” He added, “instead of going to five or six different agencies, make the front door clearly visible, and as I see it, that’s CISA.”
