The Cybersecurity and Infrastructure Security Agency (CISA) has started identifying U.S. critical infrastructure that, if compromised, would result in serious consequences for national security. Creating a list of top priority infrastructure is on the agenda of the Cyberspace Solarium Commission, a congressional committee, but CISA is not waiting on Congress. CISA director Jen Easterly stated “We’re in a state now where a critical infrastructure is much more vulnerable than it should be. And frankly, that’s what I worry about most every day.” Simply labeling an entity as a top priority for protection is just the first step. Easterly hopes CISA will have the support of congress in imposing a mix of both federal benefits and burdens for companies that receive such a label.
It is promising to see CISA act on protecting U.S. critical information. Hopefully these steps will continue to drive forward the legislation introduced by the Cyberspace Solarium Commission. As stated by Director Easterly, creating a list of top priority infrastructure is just the first step. Ensuring the identified companies meet required baseline security standards is the next. Easterly is also lobbying for a larger budget for CISA. The agency has roughly a $2 million budget, and she would like to increase it to $5 million. Such an increase would allow for CISA to hire key personnel, cybersecurity advisors for the private sector, and specialists in vulnerability management, threat hunting and incident response.