CISA: Protecting Critical Infrastructure Is a Shared Mission
CISA's Eric Goldstein Calls for More Collaboration Between Public, Private Sector
Every organization has a role in securing the nation and economy. Enterprises should invest in the right controls, partner with public agencies and prioritize security at the board level, advised Eric Goldstein, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency.
Software providers and the government also play important roles. "If you're a provider of a technology, good or product, you need to make sure that product is secure by design and by default and that it is safe and trusted for the purpose for which it's applied. And if you're the government, we need to provide information, guidance services and support to help those entities that we call target rich, resource poor raise their level of cybersecurity. If we all don't do our part, the system breaks down and our adversaries exploit those gaps."
The plan to hold the software community liable for security flaws is one of the pillars of the National Cybersecurity Strategy released in March. Goldstein said "the great news is industry's already on board" with the policy, but the government needs to work with technology providers and large enterprise customers to give the industry standard approaches to follow. "They want to do it. They know how to do it, but how can we drive the market to make the right business decision?" he said.
In this video interview with Information Security Media Group at RSA Conference 2023, Goldstein also discusses:
- The progress federal agencies have made in adopting the Biden Administration's 2021 Cybersecurity Executive Order on zero trust;
- How the Ransomware Vulnerability Warning Pilot can help secure critical infrastructure;
- CISA's goals for better operational collaboration and voluntary incident reporting.
Goldstein leads CISA's mission to protect and strengthen federal civilian agencies and the nation's critical infrastructure against cyberthreats. Previously, he led cybersecurity policy, strategy and regulation at Goldman Sachs.