Jen Easterly has a lot of work ahead of her. She is the second director of the US government's Cybersecurity and Infrastructure Security Agency (CISA), which means she has to deal with ransomware attacks and disinformation campaigns. Easterly, however, is a different type of bureaucrat, and she displayed as much at the Black Hat cybersecurity conference. In August, she presented new policy initiatives to a dance sponsored by AC/DC while wearing a "Free Britney" shirt and jeans with a dragon-emblazoned logo.
However, her breezy style is not due to a lack of experience. A retired Army officer, she was previously a National Security Agency officer and helped establish cyberspace operations for the Department of Defense. Before moving to the banking sector, she was a special assistant to President Obama in counterterrorism. She then headed cybersecurity at Morgan Stanley.
Easterly spoke with Garrett Graff, WIRED's contributing editor, at Wednesday's RE:WIRED event. He related a major shift in cybersecurity to Douglas Adams’ Dirk Gently paradigm, in which "everything, everywhere is interdependent." "So the attack surface is growing, and the volume, variety and velocity of data has increased exponentially." This means that cyberattacks occur every 40 seconds and malware is found on one in ten of the internet's nearly 1.8 billion sites. Cybersecurity has become a household issue.
Easterly, who is part of the Department of Homeland Security's CISA, must move from her offensive role in the Army, NSA and intelligence community to a defense-oriented position at CISA. She believes her past experiences have helped her to understand the tactics and strategies of her adversaries, which has allowed her to develop empathy for them. She explained that you need adversarial empathy to understand the tactics, strategies, and procedures used by your adversary in order to be the best possible defender.
"The biggest thing that has changed is cybersecurity. It has become a dinner table issue," Jen Easterly, director of CISA.
Easterly must increase the size of the new US department in order to put on the best defense. This is why she attended Black Hat and Defcon: to reach out to the private hacker community. She said, "That's my community, man. We want to incite the power of hackers, researchers, and academics, because the world is full of vulnerabilities and the defense is dominating the offense. To help identify and close these vulnerabilities, I want to tap into the creativity and goodness of these communities. Please partner with us, and let's get it done!"
Easterly said that despite all the technicalities involved, the most difficult part of cybersecurity is "people and human behavior and getting people to change how they behave, and implementing the basics of cyber hygiene through authentication, patches, and software updates." She stated that more than 90% of ransomware vulnerabilities have been patched. Many of us fail to understand the basics of cybersecurity.
However, she is optimistic about the government's future. She said, "I am an optimist, but I'm more optimistic about how we can collaborate, in the government as a team sport, and with the private sector, as trusted partners." This partnership will allow her to "create a shared picture of the operating environment" to help "plan and execute in peacetime so that we're prepared to work together during wartime."