Storytelling school

CISA director shares importance of ‘cyber storytelling’

(TNS) – Jen Easterly hopes to change your dinner conversation.

Ransomware – malicious software that can prevent users from accessing their device or files – made the list of table-talk topics, but somehow cybersecurity doesn’t. didn’t.

Easterly, director of the federal cybersecurity agency, wants to change that. “I think it’s really important that cybersecurity also becomes a kitchen table issue,” she said.

Easterly visited Seattle this week as part of an effort to connect with local governments, businesses and educational institutions across the country. She stopped by Boeing headquarters in Renton, the Space Needle and Amazon headquarters in South Lake Union to discuss how to prepare local governments to prevent cyberattacks and inspire the next generation of cybersecurity professionals. to undertake this task.

Easterly leads the Cybersecurity and Infrastructure Security Agency, or CISA, and is responsible for leading the agency’s efforts to understand, manage and reduce risk to the cyber and physical infrastructure we rely on every day. She was appointed in July 2021 and has spent the past year working to cut the “nerdspeak” out of cybersecurity. She likes to talk about her role as an “e-narrator” and hopes to put the industry in a context that a young child and their mother could understand.

Seattle is home to CISA Region 10, an area that spans 918,630 square miles and covers Alaska, Idaho, Oregon, Washington and 271 tribal nations. The agency is part of the Department of Homeland Security. In September, DHS committed $1 billion for cybersecurity grants over the next four years for state, local, and territorial governments.

CISA focuses on how individuals can protect themselves — such as social media’s recent push to use “more than a password” to log into personal devices — as well as national efforts. He is tasked with improving supply chain security, protecting against cyber threats from 5G deployment, and improving election security. The cybersecurity agency tapped former Washington Secretary of State Kim Wyman to lead CISA’s election security efforts.

Some CISA staff focus on maintaining communications during emergencies and others advise and assist facilities with hazardous chemicals on how to prevent those chemicals from being weaponized. And, some work with the Department of Homeland Security on critical infrastructure protection.

Easterly says most people are hesitant to use the term “critical infrastructure,” but really, it’s just “how we get gas at the pump, food at the grocery store, money at the ATM,” she said. “It’s our water. It’s our transportation. It’s our power. It’s our communication. It’s the networks, systems and data that underpin our daily lives.”

Seattle faces an “ironic juxtaposition,” Easterly said. On the one hand, local institutions work to defend public services and help people understand how to protect themselves online. On the other hand, major tech companies that have huge influence over the country’s digital infrastructure are based here.

“America has amazing businesses, [an] incredible heart of innovation here on the West Coast, and it’s really important that these tech companies play a role in helping to shape the tech ecosystem,” Easterly said.

To do this, tech giants must design products and services with security in mind. Just as consumers expect seat belts and air bags in a car, they should expect safety to be built into products.

As companies like Amazon and Microsoft grew, security wasn’t necessary, Easterly said. She hopes that market forces and their own interests will continue to push them towards this. The next step, however, would be federal regulation.

In August 2021, the cybersecurity agency launched a new initiative, dubbed the Joint Cyber ​​Defense Collaborative, to strengthen public-private collaboration in the industry. Amazon Web Services, the company’s cloud computing arm, and Microsoft were among the early industry partners.

Outside of the federal department, businesses and educational institutions in Seattle are adopting the same mindset as Easterly. They strive to demystify cybersecurity and increase awareness, education and resources – from middle school through elementary and middle school. During a panel on Thursday, many participants suggested tapping into gaming culture or designing contests around e-education. It could be an escape room focused on misinformation, or a news contest where the heroine is a cyberprofessional, or a TEDX series spotlighting the cyberworld. Easterly suggested creating a “cyber schoolhouse rock”.

Stealing a word of the hype from social media today, James Poland, director of cyber intelligence at the University of Washington, said he sees himself “first and foremost as an influencer”.

The conversation around cybersecurity has already started to heat up over the past year and a half, Easterly said. Part of this is naturally occurring as the agency “comes into its own” four years after its inception, but “part is the recognition and realization that the threats we face are only getting more complex and more dangerous,” she said.

For now, the agency plans to spend the next month hyper-focused on the midterm elections.

Before Easterly took over the agency, she was responsible for managing election security risks. At that time, there was a lot of resistance to the federal government playing a role in what had historically been handled by state and local election officials.

This week, Easterly visited the King County Elections Office to see how it secures ballots.

“We want to make sure election officials have what they need,” she said Thursday.

“We are very focused on the next 43 days” until the midterm elections, she continued, “and then on to 2024”.

©2022 The Seattle Times, distributed by Tribune Content Agency, LLC.