To hear Christopher Krebs tell it, the role of the Cybersecurity and Infrastructure Security Agency (CISA) that he runs is to help blue teams across the United States.
"I view our responsibility as being the nation's risk adviser. We provide information to the blue team, to network defenders, to be more effective in what they do."
He cited the alerts his agency creates and shares that focus on what InfoSec blue teams need most.
And CISA alerts also focus on things such as indicators of compromise and specific steps needed for risk mitigation. In other words, information teams can act on.
During his RSAC 2019 presentation, Krebs also detailed four priority areas his agency is focused on right now:
1. Priority: China, supply chain, and 5G
Yes, he grouped these together. "[CISA] established a supply chain task force, working on what does a bi-directional threat sharing looking like; effective criteria for threat and risk assessments, including the strategic risk assessment of 5G, working with the industry."
2, Priority: Federal network security
3. Priority: Critical Infrastructure cybersecurity
This is especially focused on ICS and SCADA industrial control systems, and the agency has two programs kicked off, including one that works with pipeline companies on reducing cyber risk.
4. Priority: Election security
He says the agency set up an ISAC around election infrastructure, issued intrusion detection sensors to a large number of states, and conducted a first-of-its-kind tabletop exercise with election officials in 44 states.
One other thing the Director of CISA said during our briefing at RSAC is that his agency must keep a narrow list of cyber risk priorities in order to be effective:
"The one thing that stands out to me the most is we can't do everything. We can't work in generalities; we have to be much more focused and pick the things we want to work on."