REWIRED 2021 Jen Easterly Wants Hackers to Help US Cyber Defense

Jen Easterly has her work cut out for her. As only the second director of the US government’s Cybersecurity and Infrastructure Security Agency (CISA), she must contend with a historic onslaught of ransomware attacks and disinformation campaigns. Easterly is a different kind of bureaucrat, however. She exhibited as much at the Black Hat cybersecurity conference in August, where she introduced new policy initiatives to an AC/DC-backed dance while wearing a “Free Britney” shirt and dragon-emblazoned jeans.

Her breezy style, though, isn’t for lack of experience. The retired Army officer previously served in the National Security Agency and helped the Department of Defense establish its cyberspace operations. She also acted as special assistant to President Obama on counterterrorism before migrating to the banking sector, where she headed cybersecurity at Morgan Stanley.

In conversation with WIRED contributing editor Garrett Graff at the RE:WIRED event Wednesday, Easterly related a big shift in cybersecurity to Douglas Adams’ Dirk Gently paradigm, where “everything is connected, everything is interdependent.” This interconnectivity is the product of our digitized world. “So the attack surface has grown, and the volume and variety and velocity of data has grown exponentially.” The result: There’s a cyberattack every 40 seconds and one in 10 of the internet’s 1.8 billion websites leads you to malware. “So the big thing that has changed is cybersecurity has become a kitchen table issue.”

At CISA, part of the Department of Homeland Security, Easterly must shift from the more offensive role she played in the Army, NSA, and intelligence community to defense. She says her past experience helps her understand how her adversaries operate and, in turn, develop a sense of empathy for them. “You have to have adversarial empathy,” she explained, “to really understand how the adversary operates, through the tactics, techniques, and procedures they use, to be able to be the best defender you can be.”

“The big thing that has changed is cybersecurity has become a kitchen table issue.”

Jen Easterly, director, CISA 

To put on the best defense, Easterly will have to enlarge the size of the US government’s newest department. That’s part of why she went to Black Hat and Defconâ€"to reach out to the private hacker community. “That’s my community, man,” she said. “We want to ignite the power of hackers and researchers and academics because, at the end of the day, the world is full of vulnerabilities, and I feel the offense is dominating the defense. So I want to make sure we are tapping into the brilliance and the goodness of those communities to help us identify and close those vulnerabilities. So please partner with us and bring it on.”

For all the technology involved, Easterly says the hardest part is “about people and human behavior and getting people to change how they operate, and implement the basics of cyber hygiene, through authentication, patching, and software upgrades.” More than 90 percent of vulnerabilities exploited for ransomware attacks, she said, have patches associated with them. So many of us are failing at the very basics of cybersecurity.

She is, however, optimistic about our government’s path forward. “I’m an optimist but I'm more optimistic than I’ve ever been about how we can work together, in the government, as a team sport and with the private sector as trusted partners.” Through this partnership, she hopes to “create a common picture of the operating environment,” in order to “plan and exercise in peace time so that we’re ready to work together in war time.”

One thing that Easterly said worries her most, as both a citizen and a mother to a 17-year-old son, is the scourge of misinformation on the web. “We now live in a world where we talk about alternative facts and post-truth, which I think is really, really dangerous.” This ability to “pick your own facts,” she said, is particularly corrosive in election security. She’s combating this corrosive element through a misinformation and disinformation team, with a fact-checking site, Rumor Control. “One could argue we’re in the business of critical infrastructure,” she said, “and the most critical infrastructure is our cognitive infrastructure.”

Watch the RE:WIRED conference on WIRED.com.

More Great WIRED Stories

ðŸ"© The latest on tech, science, and more: Get our newsletters!

Weighing Big Tech's promise to Black America

I used Facebook without the algorithm, and you can too

How to install Android 12â€"and get these great features

Games can show us how to govern the metaverse

If clouds are made of water, how do they stay in the air?

ðŸ'ï¸ Explore AI like never before with our new database

🎮 WIRED Games: Get the latest tips, reviews, and more

ðŸ'» Upgrade your work game with our Gear team’s favorite laptops, keyboards, typing alternatives, and noise-canceling headphones

Share this post