DHS’ CISA Assistant Director: We Have Federal Security SMEs in Your Backyard
DHS' CISA "prides ourselves on being the nation’s risk advisers. We are not the protectors, that’s your job.”
August 23, 2019
Brian Harrell, assistant director for infrastructure security at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), says CISA security subject-matter experts remain in the field to help organizations, utilities, events and communities secure themselves against a variety of threats.
“CISA is in your backyard,” Harrell said. “You don’t have to go to Washington” to get help with cyber or physical security issues.
Channel Futures’ MSSP Insider was there to hear Harrell speak before an audience largely comprised of security professionals and critical infrastructure owners and operators at Auburn University in Alabama Friday. He reiterated the Department of Homeland Security’s (DHS) position that “the federal government isn’t here to tell you what to do” but rather to provide “for free” the tools and resources the private sector needs to protect itself. To aid with that mission, he said CISA field agents live and work in local areas where they “know your politics and issues, they know how you like to do things, they are your neighbors.”
DHS CISA’s Brian Harrell speaking at Auburn University, Aug. 23.
There is, of course, no such thing as free tools and resources. Harrell acknowledged that these items are already paid for by taxpayers and are shared freely among American entities — including schools, houses of worship, shopping malls, movie theaters, big companies, utilities, local governments, and concert and sports events. The sharing of security resources and tools increases the return on investments (ROI) for all.
Having field personnel on hand to advise and assist makes the security tools and resources easier to use, especially in areas where staff, budget and resource limitations might otherwise restrict an organization’s ability to reach out, learn and deploy security tools and tactics that can be gleaned from the government.
And it is a gleaning, not an additional protective force, that the federal government is offering.
“We pride ourselves on being the nation’s risk advisors,” Harrell said. “We are not the protectors; that’s your job.”
As MSSPs are aware, physical and cyber security issues have converged. The two no longer stand apart and can’t be secured separately, thanks in large part to the emergence of the internet of things (IoT) and “smart” devices. What might not be as apparent are the expanding opportunities for MSSPs in the increasingly converged yet expanding threatscape, for wherever there is risk, there is a need to mitigate it. The tools and resources, including local CISA agents, can provide much needed guidance for MSSPs too.
Harrell listed several threats that CISA can help address, among them:
Espionage by nation states, primarily China. Other nations are not only trying to harvest data on U.S. critical infrastructure but also trade secrets and intellectual property from companies and individuals, as well as stealing payment and identity information, and other data cybercriminals tend to want.
Security risks in legacy infrastructure. Harrell said some industrial control systems date back to the 1980s and earlier and are vulnerable to attacks. Yet they may not be easy to replace. There are resources to guide you through addressing known vulnerabilities in legacy infrastructure. He also said that while the energy sector gets a lot of security focus, it’s actually the …
… water sector that is most vulnerable.
Protecting soft targets. Harrell said CISA can share lessons learned from past mass shooter events, “22 of which have happened this year alone,” to help harden soft targets in every local community. Look for guidance on hometown security issues here. CISA also provides guides, white papers and other information on a wide variety of security issues ranging from how to properly use metal detectors, to backpack screening, intelligence on domestic terrorist groups, and counter-drone measures for drones carrying pipe bombs into crowded areas.
Protecting new component threats. Not only can cheap toy drones carry pipe bombs, chemical agents or biological weapons into critical infrastructure or large crowds, business drones can also provide the means to penetrate your network if they are connected to it. CISA spells out the many threats in drones here. Harrell said CISA can assist with measures to secure new components like business drones, and in countermeasures against adversaries using drones and other new components.
Finding Insider threats. Harrell says all the pieces come together and are “crystal clear” in hindsight after an insider attack. That is too late, unfortunately, to mitigate the damage, whether that insider is a shooter or a data thief. Some employees “have the institutional knowledge to bring you to your knees,” he said. “A background check every 7 years isn’t good enough.” Instead, employers need the means to discern and be alerted to suspicious employee activity that indicates a potential insider threat. “For example, if they try to use a badge to access a physical area where they shouldn’t be, that should raise alarm.” CISA can advise on how to detect and find insider threats based on security intel they’ve gathered from across many incidents.
“Remember that everything is connected,” he said. Not just devices, but people and actions too are connected. The key to strong security is finding these connections and correctly interpreting causes and motivations.
In order to do that, information must be shared freely among many protectors.
“Everyone wants the government to share, share, share,” said Harrell. “But the really good information comes from all of you. The conversation must go both ways.”
Read more about:
MSPsAbout the Author
You May Also Like