A Call to Action from CISA’s Jen Easterly and Def Con’s Jeff Moss at Inaugural CISA Advisory Committee Mtg.
In the first meeting of the Cybersecurity and Infrastructure Security Agency’s (CISA) new Cybersecurity Advisory Committee, CISA Director Jen Easterly made clear to the committee members their working model would be action-based, not the usual passive mode assumed by an advisory body, telling the group: “I welcome this group creating action. This is really just not about being a talking club. This is about leveraging your expertise, your perspective, to make the nation safer.” Advisory Committee Member, Def Con Founder Jeff Moss, also offered his perspective on how best to engage the hacker community.
Cybersecurity and Cyber Incidents: Innovation and Design Lessons from Aviation Safety Models and a Call for a “Cyber NTSB”
In a recent 4-month long workshop, over 70 experts explored the concept of creating a “Cyber NTSB”. This workshop topic is consistent with themes like innovation and design processes for innovation, which cut across much of our recent OODA Loop research and analysis. It all starts with a design metaphor. This recent workshop used the National Transportation Safety Board as a design analogy/metaphor for a National Cyber Safety Board/National Cyber Security Board (NCSB). Specifically, innovation in “lesson-learning systems” for cybersecurity and cyber incidents – taking design process inspiration from the aviation safety models of the NTSB – was the goal of this “Cyber NTSB” workshop.
The Department of Defense has released its first new cyber strategy document since 2015. The document affirms that the U.S. “cannot afford inaction,” and that U.S. cyber operations must more “amplify military lethality and effectiveness” more offensively. Defense officials conducted a review of the department’s cyber capabilities and strategy that
The Department of Homeland Security secretary Kirstjen Nielsen has argued that U.S. responses to cyber attacks should be “more than commensurate” and declared that the country’s “days of cyber surrender are over” as it replaces “complacency with consequences…deniability with accountability.” Nielsen said that both statements reflected her personal opinions and
“Modern technology has outpaced the ability of shared familiar metaphors to describe it. Trying to tie modern threats, executed with code over a global network infrastructure that didn’t exist decades ago, to historical analogies is a perilous activity. Which is why I was perplexed to find a recent instance of
The Department of Homeland Security has published a new Cyber Strategy that includes a set of five year goals for the department and related agencies.