CISA’s Cyber Priorities

Fall Cybersecurity Webinar Series - Episode 1

A Webinar Featuring Robert Costello, CIO, CISA, DHS

Billington Cybersecurity hosted a webinar conversation between Robert Costello, Chief Information Officer, CISA, DHS, and Raytheon’s VP for Global Cyber Security, Tom Richey, on December 6, 2022 that was filmed on X date. The two discussed:

  • CISA’s recent release of a new 2-year strategic plan
  • CISA and the CIO’s key priorities for the coming year
  • key challenges for the organization following a year of new authorities
  • congressional demands and an influx of new dollars,
  • continued focus areas for research and development, and
  • what the CIO sees as key areas where the private sector can help CISA in the coming years.

Costello was eager to talk about CISA’s new two-year strategic plan. He emphasized the importance of the plan covering 2 years, given the speed at which cybersecurity issues change. He highlighted that the four-pillar plan takes into consideration CISA’s new authorities, a continued focus on building stronger relationships with the private sector, and the recognition that CISA must focus on more than just cyber, given its role in helping to protect critical infrastructure security and in ensuring a strong emergency communications system during times of crisis. He emphasized these focus areas by pointing to the fact that DHS and CISA serve as the principal US Government risk manager for 8 US Critical Infrastructure sectors, most of which are principally owned and managed by the private sector.

He sees his role as CISA CIO as ensuring that CISA operations have what they need, in terms of effectively secured IT, to do their job, while also recognizing that CISA’s standards should be considered the best given its role as the lead USG risk manager for cybersecurity.

Costello was also excited to talk about both CISA’s and his top priorities for the immediate future. He cited a continued and growing need for:

  • Recruiting and growing a great talent pool. He emphasized that CISA has a great program moving forward to accomplish this, and that this need stretches beyond the technical to include a variety of roles, including data analysts and contract specialists, to name a few.
  • Deploying CISA-recommended practices within its own operational work. Costello emphasized that CISA has to showcase best practices given its large advisory role in helping others achieve best-practice cybersecurity principles.
  • Continuing progress in embracing a zero-trust framework, most readily by building and deploying a state-of-the-art CISA identity management system.
  • Building and refining a secure operational work environment to meet CISA’s “Mission at speed” logo, an effort that includes baking in security at the onset of the system architecture.
  • Continuing to more fully understand CISA’s growing mission as it embraces its new authorities, and incorporating this into its overall information system to both best secure it and use it for the mission.

With regard to CISA’s zero-trust journey, Costello highlighted that this journey was not new, was ongoing, and included a focus on CISA’s legacy systems as well as on embracing new technologies. Costello’s immediate focus was building a new identity stack for the organization, in partnership with CISA’s cybersecurity division, which would include the ability to continually verify every asset in CISA’s internal protective ecosystem. He was also excited about CISA’s efforts to bake in zero trust at the very outset wherever new system design efforts were underway.

In terms of the greatest needs, Costello was quick to highlight that, beyond his great need to find and develop talent, the organization was definitely interested in finding better data analysis tools to help it better understand his network and perform continual risk assessments. He noted that new authorities meant new ways and means to leverage the network, and that his data analysis efforts had to keep up to ensure that the organization was implementing effective risk management.

In terms of what the private sector could do to best understand the needs of CISA, Costello suggested that the private sector:

  • Attend CISA’s industry days where they can learn about its specific requirements,
  • Continue to work to best understand, and train their staff on, how to engage with the Federal Government from top to bottom in bringing in next-generation value-added technologies,
  • Be vocal and go beyond what the client is looking for in highlighting capabilities, and
  • Continue to cultivate and build relationships.

Lastly, Costello wanted to highlight the growing need for both the Government and the private sector to recognize that cybersecurity is a team sport and that both sides need to find ways to constantly be in sync with one another if national security is to be preserved. He re-emphasized how excited he is to be a part of CISA’s growing mission and improving outreach areas, and said he believes that CISA can help every American get better at cybersecurity. As an example, he highlighted CISA’s recent School Safety Security Summit and said he believes this is exactly the kind of role that CISA should be playing: helping those who do not have the kinds of resources to support their very important mission areas.
