DHS’ CISA Assistant Director: We Have Federal Security SMEs in Your Backyard
Brian Harrell, assistant director for infrastructure security at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), says CISA security subject-matter experts remain in the field to help organizations, utilities, events and communities secure themselves against a variety of threats.
“CISA is in your backyard,” Harrell said. “You don’t have to go to Washington” to get help with cyber or physical security issues.
Channel Futures’ MSSP Insider was there to hear Harrell speak before an audience composed largely of security professionals and critical infrastructure owners and operators at Auburn University in Alabama on Friday. He reiterated the Department of Homeland Security’s (DHS) position that “the federal government isn’t here to tell you what to do” but rather to provide “for free” the tools and resources the private sector needs to protect itself. To aid with that mission, he said CISA field agents live and work in local areas where they “know your politics and issues, they know how you like to do things, they are your neighbors.”
There is, of course, no such thing as free tools and resources. Harrell acknowledged that these items are already paid for by taxpayers and are shared freely among American entities — including schools, houses of worship, shopping malls, movie theaters, big companies, utilities, local governments, and concert and sports events. The sharing of security resources and tools increases the return on investment (ROI) for all.
Having field personnel on hand to advise and assist makes the security tools and resources easier to use, especially in areas where staff, budget and resource limitations might otherwise restrict an organization’s ability to reach out, learn and deploy security tools and tactics that can be gleaned from the government.
And it is a gleaning, not an additional protective force, that the federal government is offering.
“We pride ourselves on being the nation’s risk advisors,” Harrell said. “We are not the protectors; that’s your job.”
As MSSPs are aware, physical and cyber security issues have converged. The two no longer stand apart and can’t be secured separately, thanks in large part to the emergence of the internet of things (IoT) and “smart” devices. What might not be as apparent are the expanding opportunities for MSSPs in the increasingly converged yet expanding threatscape, for wherever there is risk, there is a need to mitigate it. The tools and resources, including local CISA agents, can provide much-needed guidance for MSSPs, too.
Harrell listed several threats that CISA can help address, among them:
- Espionage by nation states, primarily China. Other nations are trying to harvest not only data on U.S. critical infrastructure but also trade secrets and intellectual property from companies and individuals, and to steal payment and identity information and other data cybercriminals tend to want.
- Security risks in legacy infrastructure. Harrell said some industrial control systems date back to the 1980s and earlier and are vulnerable to attacks. Yet they may not be easy to replace. There are resources to guide you through addressing known vulnerabilities in legacy infrastructure. He also said that while the energy sector gets a lot of security focus, it’s actually the …