Opening Statement by CISA Director Jen Easterly

Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China.
As America's civilian cyber defense agency and the National Coordinator for critical infrastructure security and resilience, CISA has long been focused on cyber threats from China.
In recent years we have observed a deeply concerning evolution in Chinese targeting of US infrastructure.
This threat is not theoretical: leveraging information from our government and industry partners, CISA teams have found and eradicated Chinese intrusions into critical infrastructure across multiple sectors, including aviation, energy, water, and telecommunications.
First, through authorities provided by Congress based on a recommendation from the Cyberspace Solarium Commission, we are using the Joint Cyber Defense Collaborative or JCDC to drive robust operational collaboration across government and industry focused on uncovering additional Chinese malicious cyber activity and developing new ways to prevent Chinese intrusions.
Second, we are delivering services, guidance, and resources to critical infrastructure owners and operators across the nation to identify and reduce risks posed by Chinese cyber actors.
We are leveraging our now hundreds of advisors and subject matter experts across the country to work directly with critical infrastructure businesses to strengthen the resilience of the critical services Americans rely on every hour of every day.
The reality is eradicating malicious Chinese activity, bolstering the resilience of critical infrastructure, or even going on the offense to disrupt and impose costs, are all necessary, but insufficient.
While the PRC is a sophisticated cyber adversary, many of its methods to break into our critical infrastructure are not.
The technology base underpinning much of our critical infrastructure is inherently insecure, because for decades software developers have been insulated from responsibility for defects in their products.
This has led to misaligned incentives that prioritize features and speed to market over security, leaving our nation vulnerable to cyber invasion.
Technology companies must help ensure that China and other cyber actors cannot exploit defects in technology products to saunter into the open doors of our critical infrastructure to prepare destructive attacks.
We are at a critical juncture for our national security.
Every victim of a cyber incident should report it to CISA or FBI, every time, recognizing that a threat to one is a threat to many, because cybersecurity is national security.
Every critical infrastructure entity should establish a relationship with their local CISA team and enroll in our free services, particularly our Vulnerability Scanning program, to help identify and repair vulnerabilities being exploited by Chinese cyber actors.
Every critical infrastructure entity should use these services, along with CISA's Cybersecurity Performance Goals, and the many advisories we've published with NSA and FBI to drive necessary investment in cyber hygiene, including throughout their supply chains.
Every critical infrastructure entity should double down on their commitment to resilience.
They must expect and prepare for an attack, continually testing and exercising the continuity of critical systems to ensure they can operate through disruption and recover rapidly to continue to provide services to the American people.
Finally, every technology manufacturer must build, test, and ship products that are secure by design.
These steps are only achievable if CEOs, Boards, and every single business leader of a critical infrastructure organization treats cyber risks as core business risks and recognizes that managing them is a matter of both good governance and fundamental national security.


This Cyber News was published on www.cisa.gov. Publication date: Wed, 31 Jan 2024 22:13:04 +0000

