A Webinar Featuring Iranga Kahangama, Assistant Secretary for Cyber, Infrastructure, Risk and Resilience, DHS
Billington Cybersecurity on 13 December hosted a webinar and conversation between Iranga Kahangama, Assistant Secretary for Cyber, Infrastructure, Risk and Resilience in DHS’s Office of Strategy, Policy, and Plans, and Jenny Brinkley, Director of AWS Security. The conversation focused on the interchange between federal policy, public-private partnerships, and regulation and how it can drive better cybersecurity for everyone.
Kahangama brings a host of knowledge building experience to his new job having served in the FBI and as the Director of Resilience for the National Security Council prior to taking on his new assignment. Kahangama was also one of the principal authors of the Biden Administration’s Cybersecurity Executive Order, issued in May 2021 giving him a solid foundation to build on in his new role.
In terms of this new role, Kahangama says that the right balance between policy, voluntary cooperation, and more stringent regulations to ensure better cybersecurity comes from a continual conversation between the public and private sectors. Both sides have something to bring to this team approach to improving our nation’s overall security posture and improving security for the entire world. As an example, he highlighted CISA’s recent publication of its Cyber Performance Goals as an excellent example of a team effort to provide basic recommendations to everyone who is trying to leverage available resources to improve their cybersecurity programs by choosing the right outcome based controls.
- The first delivery of these White House mandated goals were meant for all 16 criticial infrastructure sectors.
- The second phase of CISA’s effort will be to deliver specific performance goals to all 16 different sectors. Kahangama pointed to the incredible diversity in which each sector works as to the necessity for more focused outcome-based recommendations for each. For example, he cited the Water sector as a key concern, given how much of it is controlled by local municipalities with much fewer resources and different circumstances factoring into cybersecurity decisions.
Kahangama also cited the Cyber Incident Reporting Council as another example of how government departments and the private sector are coming together to understand the importance of incident reporting, how to do it in partnership, and what areas to focus on to ensure new regulations will have the most positive impact for everyone. The Council is chaired by DHS, but leverages other Government critical infrastructure risk managers as well as private sector participants in an effort to balance the need for better cyber security without overly burdening the incident reporters.
Another key theme to Kahangama’s job and his message during this webinar was the need for the federal government to build a consistent and singular message when it comes to advancing cybersecurity for our country. He highlighted that he spends most of his time engaging across the federal government via meetings and phone conversations, finding ways to build that consistent message, build consistency in the policies, regulations, and reporting requirements that every US risk manager was using, and finding ways to best leverage DHS and CISA to play that coordinating role. He cited the creation of several new meeting forums where the federal players were engaging more regularly and lauded the Biden White House for playing a large orchestration role in bringing this consistency of message together with a tougher call to action.
When asked about his thoughts on the new Cyber Ambassador role created at the State Department, Kahangama highlighted that this was another example of the United States Government (USG) creating action to highlight cyber as a mainstream threat and recognizing that our efforts have to include a conversation with the rest of the world in order to counter it. Kahangama tied this creation into the larger USG effort to provide unity of effort across public, private, and international worlds and lauded Ambassador Fick for his efforts to date to engage with others who are struggling with the same kind of regulatory, policy, voluntary actions needed to ensure their national cybersecurity efforts. He sees the new cyber Ambassador role as critical to helping to bring a stronger US voice to the international cyber discussion, helping drive a new world consensus on cyber norms, and being a real game changer when it comes to improving cybersecurity worldwide over time.
Concluding, Kahangama reiterated the USG’s commitment to building continual partnerships with the private sector and international partners, to continuing its commitment to leverage its resources to level set the need in the private sector for better cybersecurity focus and basic cyber hygiene, and to forge a continued commitment to creating a common voice from within the USG so as to improve this work with the private sector to make cybersecurity stronger for everyone.
To view the entire webinar, please click here.