CISA’s Cybersecurity Efforts Go Global in Wake of SolarWinds Incident

In the ongoing aftermath of the SolarWinds breach, the Cybersecurity and Infrastructure Security Agency (CISA) is going global in its efforts to increase cybersecurity. CISA Global is their new initiative to position CISA cybersecurity experts around the world to build new partnerships and support current U.S. cyber partners.

CISA plans to dramatically increase its role internationally alongside the cyber diplomacy activities of the U.S. Department of State, citing cyberspace threats that are not constrained by national borders and U.S. critical infrastructure and emergency communications that are increasingly interconnected and dependent on global infrastructure, systems, supply chains and arrangements.

In discussing CISA Global at a recent virtual industry event covered by Nextgov, CISA Acting Director Brandon Wales said the effort will augment and align with State Department cyber diplomacy activities. “We are looking at ways to make a more firm commitment internationally, including deploying CISA personnel around the world . . . at critical embassies around the world embedded with some of our most critical cybersecurity partners,” Wales said. “Those efforts are proceeding now, and I expect that over the next two years, you will see a different CISA with a different kind of global footprint.”

The initiative focuses on four lines of effort: increase operational cooperation with international partners, build global security and resilience capacity, engage public and private stakeholders and shape the global policy ecosystem. Information sharing is to underpin each line of effort.

Evolving U.S. International Cyber Efforts

CISA Global is the latest initiative among U.S. international cybersecurity efforts that continue to evolve and expand. In early February the State Department appointed Ian Wallace as senior advisor to the Office of the Coordinator for Cyber Issues. As part of the Office of the Secretary of State, the Cyber Issues Office (S/CCI) has the mission of leading U.S. efforts “to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation.” In late February, Michele G. Markoff, Deputy Coordinator of the S/CCI spoke at a Romanian American Chamber of Commerce Event that focused on increased US-EU cyber collaboration.

In January, the U.S. State Department announced the creation of the Cyberspace Security and Emerging Technologies Bureau (CSET) at the department, charging the Bureau with leading U.S. government diplomatic efforts in “international cyberspace security and emerging technology policy issues that affect U.S. foreign policy and national security, including securing cyberspace and critical technologies, reducing the likelihood of cyber conflict, and prevailing in strategic cyber competition.” However, given the reaction by some in Congress to CSET it is unclear if the Biden State Department will advance the Bureau as currently structured.

Anticipated Cybersecurity Executive Order May Prompt Multiple Efforts

Federal cybersecurity policy seems poised for a flurry of new initiatives, in some ways reminiscent of the 30-day cyber sprint that was launched as a result of the 2015 hack of Office of Personnel Management (OPM) systems that reportedly compromised the records of millions of federal employees.

In a White House press briefing in mid-February, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, set the expectation of a forthcoming Biden executive order (EO) to address cybersecurity actions coming out of the SolarWinds breach investigation. “We’re also working on close to about a dozen things — likely eight will pass — that will be part of an upcoming executive action to address the gaps we’ve identified in our review of this incident.” Neuberger indicated that federal cybersecurity needs investment and more of an integrated approach to detect and block threats such as the SolarWinds incident. 

The question remains as to whether such efforts will shift the federal cyber posture from reacting to major events to getting ahead of them.

It is also unclear if the forthcoming FY 2022 Department of Homeland Security (DHS) budget request will request sufficient increases for CISA to sufficiently resource CISA Global alongside its many other wide ranging efforts . . . and whether Congress will appropriate the funds.  Time will tell.