blog post
CISA and Cyber Matters
Eric Goldstein, CISA’s head of cybersecurity, is participating in the Center for Strategic and International Studies’ debut of a fresh analysis on the agency’s shifting focus on federal executive agency networks.
Despite long-standing attempts to amplify cyber defenses, the U.S. remains exposed to attacks that might disrupt key services and risk national defense, a new report from the Center for Strategic and International Studies points out.
The detailed 97-page analysis, a result of six months of diligent work by former government leaders, cyber specialists, and industry experts, underscores the progress made in network security. Yet, it emphasizes the struggle to match the dynamic cyber threats. Key insights from the report:
— Funding isn’t the only answer: Merely pumping funds into CISA won’t tackle the increasing concern that cyber adversaries see opportunities to exploit the U.S. online. Though CISA is pivotal in federal cyber matters, coordinating with over a hundred FCEB agencies, each with its cyber priorities, presents challenges.
The report suggests Congress could enhance cyber defenses by backing the Joint Collaborative Environment, a CISA-driven platform to standardize cyber information across government sectors and the private sphere. However, this has been a point of contention for the intelligence community for 20 years, with the NSA voicing concerns, leading to Congress halting its endorsement.
— Upcoming challenges: The analysis anticipates upcoming threats, such as rising malware services and AI-driven threats. Recommendations include bolstering communication, committing to sustainable cyber budgets, and CISA expanding its automation tools.
Moreover, the report urges coordinated efforts between key agencies and Congress to set pricing standards for computing, analytics, AI, and related processes for federal agencies.
Leaders from the Five Eyes intelligence alliance have issued a strong statement, labeling China as the “central challenge of our times”, criticizing its massive intellectual property theft as unparalleled.
In a historic move, leaders of the Five Eyes – which includes the U.S., UK, Canada, Australia, and New Zealand – jointly appeared on “60 Minutes”. FBI Director Christopher Wray highlighted China’s expansive theft efforts across sectors from major corporations to academia.
Although Australia’s intel leader, Mike Burgess, accepted that “every nation seeks strategic advantage”, he pointed out China’s actions far exceed standard espionage.
Wray’s take on China? A blend of “East Germany’s surveillance with Silicon Valley’s tech prowess”, creating a unique and formidable challenge for the U.S. and allies. He further urged China to embody the responsibilities of a leading nation.
The cyber-battlefield is heating up and the best indicator is when senior members of the community start telling the truth, as Goldstein just did, instead of reading off some PR prompter from the State Department.
What Chris Wray really meant was “Chinese theft goes “well beyond” traditional espionage, combining the ruthless techniques favored by East Germany with cutting edge technologies stolen from Silicon Valley startups, and the combination represents a daunting, first-of-its-kind threat for the United States and for our allies.”
These “cutting edge” technologies fell into their hands because over the last ten years, some of the top VC firms on Sand Hill road partnered with Chinese investors and openly invited them to open their own investment companies. What few folks know is that the leading and most heavily invested of Limited Partners (LP) in a given deal (40-50%) have the rights to examine all of the startup’s IP.
“If they want to be a great nation, it’s time for them to start acting like one,” says Wray, but if we are serious about national defense, it’s time for us to say, “Goodbye” to Chinese investors.
Author
Steve King
Managing Director, CyberEd
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.