In her final days as CISA Director, Jen Easterly reflects on her tenure and the evolving landscape of U.S. cybersecurity, highlighting the dangers posed by both Chinese and Russian cyber threats. She emphasizes the importance of resilience and the need to shift focus from mere espionage to safeguarding critical infrastructure against potential disruptions and attacks. Easterly discusses the significant progress made in enhancing cybersecurity post-SolarWinds and implementing initiatives like the Joint Cyber Defense Collaborative. She advocates for corporate cyber responsibility and stresses the need for ‘secure by design’ technology to reduce vulnerabilities. As she prepares to leave CISA, Easterly expresses pride in the agency’s accomplishments and the ongoing importance of collaboration between the public and private sectors to enhance national security.
| name | description | change | 10-year | driving-force | relevancy |
|---|---|---|---|---|---|
| Cybersecurity Infrastructure Vulnerabilities | Critical infrastructure’s security often prioritized speed over safety, leading to vulnerabilities. | Shift from prioritizing efficiency and cost to prioritizing security in infrastructural design. | In 10 years, critical infrastructure will be designed with security as a primary focus, reducing vulnerabilities significantly. | Advancements in technology and heightened awareness of cyber threats compel a security-first approach to infrastructure. | 4 |
| Corporate Cyber Responsibility | Businesses increasingly recognizing cyber threats as critical risks to governance and operations. | Transition from viewing cybersecurity as purely an IT issue to a fundamental business governance concern. | Businesses will integrate cybersecurity into their core operations, creating a culture of vigilance and proactive risk management. | Growing frequency and severity of cyberattacks push companies to prioritize and manage cyber risks comprehensively. | 5 |
| Prioritization of Cyber Resilience | Focus on preparing for disruptions and recovery rather than solely preventing them. | From a purely defensive stance to emphasizing resilience and recovery in cybersecurity strategies. | Organizations will be better prepared to withstand and quickly recover from cyber disruptions, minimizing impact. | Acknowledgment that complete prevention is unrealistic leads to prioritization of resilience strategies. | 5 |
| Collaboration for Cyber Defense | Increased partnerships between public and private sectors to improve cybersecurity defenses. | Moving from isolated cyber defense efforts to collaborative strategies involving various stakeholders. | A robust ecosystem of shared information and resources enhances national cyber defense capabilities significantly. | The interconnected nature of cyber threats necessitates collaboration across sectors for effective defense. | 4 |
| AI in Cybersecurity | Emerging use of artificial intelligence for threat detection and response in cybersecurity. | Adopting AI-driven solutions from defensive tactics to proactive threat identification and remediation. | AI will play a central role in automating and enhancing cybersecurity defenses, making them more efficient and effective. | The evolving complexity of cyber threats drives the need for innovative, AI-based solutions for cybersecurity challenges. | 4 |
| name | description | relevancy |
|---|---|---|
| Geopolitical Conflict Impacting Cybersecurity | Potential invasion or blockade of Taiwan by China may disrupt critical infrastructure in the US, leading to cyber-attacks. | 5 |
| Critical Infrastructure Vulnerability | Cyber-attacks targeting critical infrastructure could lead to real-world disruptions impacting water, power, and telecommunications services. | 5 |
| Supply Chain Espionage | Chinese and Russian cyber campaigns reveal vulnerabilities in supply chains leading to widespread data theft and intrusions. | 4 |
| Rising Cyber Threats from Nation States | China is being recognized as a persistent and formidable cyber threat, focusing on both espionage and disruption. | 5 |
| Corporate Cyber Responsibility | Corporations need to prioritize cybersecurity as an existential risk, rather than a mere IT issue, especially in critical systems management. | 4 |
| Need for Cyber Resilience | Acknowledgment that disruptions are inevitable, necessitating focus on resilience and recovery strategies in cybersecurity operations. | 5 |
| Public-Private Partnership Challenges | Difficulties in collaboration between federal agencies and telecom companies can hinder effective remediation of cyber threats. | 4 |
| Inadequate Security by Design | Existing tech systems prioritizing speed and cost over security create exploitable vulnerabilities. There’s a pressing need for secure technology design. | 5 |
| Long-term Cyber Defense Strategy | Ongoing development of a structured approach is necessary for combating sophisticated cyber threats and ensuring national security. | 4 |
| name | description | relevancy |
|---|---|---|
| Corporate Cyber Responsibility | Businesses increasingly recognize cyber threats as critical risks requiring governance and proactive management, transcending IT departments to integrate into overall business strategies. | 5 |
| Cyber Civil Defense | Initiatives aimed at making cybersecurity practices as commonplace and essential as physical hygiene, focusing on community engagement and awareness. | 4 |
| Secure by Design | Technological developments prioritizing security in the initial design stages, rather than as a retroactive measure, leading to more secure products. | 5 |
| Collaborative Defense Models | Enhanced partnerships between public and private sectors to address cybersecurity threats interactively and in real-time, rather than through traditional compliance methods. | 5 |
| Resilience Training | A shift toward preparing for potential disruptions in critical infrastructure, focusing on response and recovery mechanisms rather than just prevention. | 4 |
| AI-Enhanced Cyber Defense | Utilizing artificial intelligence and machine learning to identify vulnerabilities and bolster defenses against cyber threats dynamically. | 5 |
| Trust Building in Cybersecurity | Efforts to build trust between federal agencies and local entities by employing local cybersecurity experts to facilitate collaboration and risk management. | 4 |
| Educational and Engagement Campaigns | Campaigns aimed at improving public perception of cybersecurity as engaging and necessary, thereby encouraging societal participation in cyber hygiene. | 4 |
| description | relevancy | src |
|---|---|---|
| AI technology that generates content and can enhance cybersecurity measures through predictive analytics and faster response times. | 5 | 307c9f9c16755de33ab15a8802b80e68 |
| A software development approach that prioritizes security in design, reducing exploitable vulnerabilities in technology and software. | 5 | 307c9f9c16755de33ab15a8802b80e68 |
| Initiatives aimed at promoting cybersecurity awareness and practices among the general public, similar to physical hygiene. | 4 | 307c9f9c16755de33ab15a8802b80e68 |
| A concept emphasizing that businesses must actively manage and mitigate their cyber risks as part of good governance. | 4 | 307c9f9c16755de33ab15a8802b80e68 |
| Measures and strategies that enhance the resilience of essential services against cybersecurity threats and disruptions. | 5 | 307c9f9c16755de33ab15a8802b80e68 |
| Advanced encryption methodologies that secure communications over networks, making them resistant to interception. | 4 | 307c9f9c16755de33ab15a8802b80e68 |
| name | description | relevancy |
|---|---|---|
| Chinese Cyber Espionage and Infrastructure Attacks | Growing concerns about China’s cyber operations targeting critical U.S. infrastructure, focusing on disruption and destruction rather than espionage. | 5 |
| Corporate Cyber Responsibility | The need for private sector firms to recognize cybersecurity as a critical business risk, emphasizing accountability in security practices. | 4 |
| Secure by Design | Advocating for software and technology to be designed with security as a fundamental principle, reducing vulnerabilities from the outset. | 5 |
| Resilience in Cybersecurity | The imperative for systems to be designed for resilience, ensuring functionality despite potential disruptions. | 5 |
| International Collaboration in Cyber Defense | The importance of cooperative defense measures between nations and industries to tackle cybersecurity threats collectively. | 4 |
| AI in Cyber Defense | Utilization of generative AI to enhance cybersecurity, particularly in identifying and mitigating vulnerabilities. | 3 |
| Public Trust in Cybersecurity Agencies | Building trust between cybersecurity agencies and the public, especially in light of increasing foreign cyber threats. | 4 |
| Integration of Technology and Cyber Hygiene | Making cyber hygiene practices as common and accepted as physical hygiene among the general public. | 3 |