Federal cybersecurity chief lays out strategic plan for agency in talk at Auburn University

Published: Aug 22, 2019 3:56 PM

By Chris Anthony

Cybersecurity and Infrastructure Security Agency Director Chris Krebs laid out the agency’s five principles for defending today’s cyber infrastructure and securing the cyber tools of tomorrow during a talk at Auburn University on Thursday.

As the first director of CISA, a division of the Department of Homeland Security, Krebs described the agency as the nation’s risk advisor in critical infrastructure protection, cybersecurity and physical security. He also outlined efforts to ensure the agency’s vision of establishing a secure and resilient infrastructure for the American people.

“We have to be relentless in driving down risk, in pushing awareness of the things that need to be done by the state and local community and by the federal community. That’s our job,” Krebs said. “[Our job is] understanding what the risks are, bringing people together to manage these issues and then building capacity.”

Established in November 2018, CISA’s strategic priorities include:

  • Leading the national effort to protect and ensure a resilient infrastructure in a collaborative way

  • Providing a results-driven approach to delivering cybersecurity solutions that governments, industry and other organizations need to defend their networks and resources

  • Surveying the risk landscape to stay ahead of bad actors in the cyber realm

  • Providing solutions that are consistent with American values and the country’s democratic framework

  • Doing all of these things as a unified agency, as opposed to a disparate group of agencies all addressing cybersecurity in different ways

In addressing stakeholders in cybersecurity, Krebs emphasized the collaborative nature of CISA’s approach to cybersecurity and infrastructure security challenges.

“It’s going to take the federal government, state and local governments, industry and the academic community all working together, sharing our respective resources and capabilities at all levels … if we’re going to make progress here,” Krebs said. “The best news about it is that things are better, from a partnership perspective, than they were several years ago.

“That awareness that I mentioned is only increasing, the investment is only increasing and the capabilities are always increasing. The downside of that is the bad guys are getting better, too. We have got to take advantage of working together. I truly believe the defense has the advantage if we all work together.”

CISA plans to work with local and state communities to achieve this goal, specifically by conducting collaborative risk management and analysis, deploying sensors and analysts, holding exercises and training, and sharing information.

Krebs also stressed the importance that Auburn University and other educational institutions play in realizing these objectives.

“We have to figure out a better way to bring the talent across higher education and K-12 into the cybersecurity ecosystem,” he said. “We have to ensure there is a talent base that is security first that comes into the high-tech community. So when you develop something, whether it’s an IoT (internet of things) device or an industrial control system, that it’s not about being first to market. That it’s not about just making sure the thing works. It’s about thinking through how these things can be exploited and ensuring they are secure by design and secure by deployment.”

In a question-and-answer session with Frank J. Cilluffo, director of Auburn’s McCrary Institute for Cyber and Critical Infrastructure Security, Krebs touched on wide-ranging issues from ransomware attacks on local governments to election security in the cyber era and state actors meddling in the cyber affairs of Western democracies.

The talk was part of a two-day event at Auburn University that will also include a talk by CISA Assistant Director Brian Harrell at 10 a.m. CST on Friday, Aug. 23, in the Grand Hall of the newly constructed Brown-Kopel Engineering Student Achievement Center. A live stream will be provided here.

Auburn University is one of a select group of institutions designated as a National Center of Academic Excellence in Cyber Defense Research, Cyber Defense Education and Cyber Operations by the National Security Agency. Auburn conducts pioneering cyber research through its Cyber Research Center, Center for Cyber and Homeland Security, and McCrary Institute for Cyber and Critical Infrastructure Security.

Media Contact: Austin Phillips, austinp@auburn.edu, 334.844.2444

Recent Headlines