We had senior former government officials leading the groups.Ĭhris: You had currents too. There's some really creative stuff that we saw come out of CISA and still does. Test some of our assumptions and come up with really well-rounded, well-tested 360 degree almost proof policy concepts.Įric: The example on pineapple pizza. I never thought about it that way, maybe we can test that. When I was in the role at CISA, I’d just ravenously consume podcasts and articles and podcasts like this. Throw out some envelope, bleeding edge type recommendations that can help inform the policy discussion. Test some assumptions that we all have on how things work. Those tabletop simulations are really valuable particularly when you have really thoughtful people in the same room. I said, "Okay, as long as somebody notifies, works with industry, and owns it, I'm out." I readdressed it with the two individuals the next day in a joking fashion but it was not a fight I felt like fighting.Ĭhris: Nonetheless, it was a fun exercise. I've seen this happen to Jen Easterly, my successor and then Chris Inglis who's the national cyber director and senators and Congress members would say, "Who's in charge of cyber," and I would always be like, "Why are you asking me? You make those decisions, not me."Įric: Well, I took the cowardly approach and I punched out. ![]() It was always funny to me when I would testify in front of Congress. But honestly, until the president of the United States says, "This is how private sector engagement is going to work with the government," you're going to continue to see that kind of equity battle. ![]() I need to call the NSA." One of those areas where there's a lot of room for improvement and simplification from a government perspective is to streamline the government engagement process.Ĭhris: I'm always obviously a homer for CISA and CISA should be that front door. If I'm energy, I need to call the Department of Energy. It gets very complex and becomes a drain of resources when you think about, "Okay, I need to call the FBI. But from the private sector perspective, it gets really confusing. There's a lot of value for a range of different agencies to engage with the private sector. Aren't you going to have CISA make those notifications to the private sector?" It's another one of those really interesting policy discussions from the government perspective. We're going to inform."Ĭhris: I remember that and I said, "Well, wait a second. We need to inform CISA and let them know what we're seeing." I said, "We also need to inform the industry of what's going on as the IC." And I got these two people just whipped their heads around and said, "CISA is the IC." I backed up, I was like, "Okay. Someone said, "We're working with CISA on this. We were going through this ransomware exercise and what you would do next. There was a big ransomware scenario, but it was a lot of fun.Įric: I was in the intelligence group. I had the honor to serve as her national security advisor. CISA needs to really focus on growing its understanding and enrichment and contextualizing of that open source space.Įric: We were doing an exercise and you were the national security advisor.Ĭhris: Sue Gordon, the former deputy national intelligence, director of national intelligence was the president. When you think about the information ecosystem right now, just how it's exploding, that classified piece is proportionately shrinking compared to proprietary and open source. They've got more opportunity to excel in the open-source space more than probably any other agency in the federal government. ![]() That's actually a point of discussion within the policy circles and on the hill whether CISA should become part of the IC. We would have some attachments or detailees. CISA and DHS are part of the intelligence community down there.Ĭhris: There is a part of DHS, the intelligence analysis function, but CISA is not a member of the intelligence community. What did CISA say?"Ĭhris: Try to have some sort of consistency across government agencies.Įric: We've got the DoD and then the Homeland piece. Chris, is it CISA or CISA?Ĭhris: I try not to be pedantic about this, but, as the person that came up with the name, it’s CISA.Įric: I get confused because you hear it both ways and I'm like, "Wait a minute. Welcome back to the podcast, Chris.Ĭhris: Good to see you again, saw you a few weeks ago down in Florida or was that Georgia?Įric: Yes, it’s a brief conference. He served as the first director of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency known as CISA. ![]() Rachel: We have Chris Krebs who's a founding partner of the Krebs Stamos Group.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |