TLDR:
- Eric Goldstein, a top official at CISA, reflects on progress made in cybersecurity during his tenure.
- Key achievements include understanding cyber risks, collaboration with industry, and encouraging secure product development.
Eric Goldstein, the departing executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), discussed the agency’s progress and future plans in a recent interview with CyberScoop. Goldstein highlighted several key accomplishments during his nearly four years at CISA.
One significant achievement Goldstein mentioned was the agency’s improved understanding of cybersecurity risks and driving change based on that understanding. Initiatives like CyberSentry, a threat detection program in partnership with critical infrastructure owners, have helped enhance this understanding.
Another area of progress for CISA was collaboration with industry, particularly through programs like the Joint Cyber Defense Collaborative. Goldstein acknowledged that this program is still evolving but has already made meaningful advancements in operational collaboration.
Goldstein also emphasized the importance of the secure-by-design initiative, which shifts the responsibility for cybersecurity onto product developers rather than end-users. This shift in perspective has led to lasting changes in the cybersecurity community.
Looking ahead, Goldstein highlighted the upcoming implementation of rules mandated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Once fully implemented, these rules will provide valuable cyber incident data for industry stakeholders to enhance cybersecurity efforts on a global scale.
In addition to these achievements, Goldstein acknowledged the importance of focusing on secure development and deployment of artificial intelligence and stressed the need for humility in forecasting technological changes and threats. Collaboration and the role of individuals in cybersecurity decision-making were also highlighted as critical aspects of the work CISA must continue to prioritize.