The head of the nation’s top cybersecurity agency is warning that the current technology ecosystem, which underpins much of our lives, is at risk of being hacked by malicious actors.
In an interview with Yahoo Finance at CES 2023 in Las Vegas, Cybersecurity and Infrastructure Security Agency Director Jen Easterly explained that the tech industry, consumers, and government need to come together to help improve cyber safety in the U.S.
“We live in a world…of massive connections where that critical infrastructure that we rely upon is all underpinned by a technology ecosystem that unfortunately has become really unsafe,” said Easterly, who was previously head of Firm Resilience at Morgan Stanley.
She added: “We cannot have the same sort of attacks on hospitals and school districts that we've been seeing for years. We have to create a sustainable approach to cyber safety, and that's the message that I'm bringing to CES.”
Easterly, who was confirmed as director of CISA in 2021 and helped create and design the United States Cyber Command, explained that tech companies need to ensure that the software they put out into the world has fewer flaws that hackers can exploit.
“We've essentially accepted as normal that technology is released to market with dozens or hundreds or thousands of vulnerabilities and defects and flaws,” Easterly said. “We've accepted the fact that cyber safety is my job and your job and the job of my mom and my kid, but we've put the burden on consumers, not on the companies who are best equipped to be able to do something about it.”
Over the last several years, hackers and nation-state actors have taken aim at everything from critical U.S. infrastructure to the IT systems that help small towns provide services to their residents. For example: In 2021, hackers attacked JBS, the world’s largest meat supplier, demanding an $11 million ransom. That same year, attackers broke into Colonial Pipeline’s systems, triggering fears of fuel shortages on the East Coast. And throughout the pandemic, hackers launched ransomware attacks against hospitals and hospital systems, forcing facilities to delay patient care.
Hackers are able to break into systems by exploiting weaknesses, or errors, in the code that makes up the operating systems and software that power computers and servers across the world. Since people write that code, and people are flawed, they inevitably introduce potential vectors through which hackers can launch their attacks.
Easterly said tech companies that power the world’s computers, like Microsoft (MSFT), need to be held to a higher standard to ensure that the software is as free of flaws as possible.
To do that, the director said companies need to create products that are secure by design and ensure that their software has security settings turned on by default, and that CEOs need to embrace good corporate cyber responsibilities.
“Cyber is a social good,” Easterly said. “It's about societal resilience. And my last message is that we need to fundamentally change the relationship between government and industry.”
Got a tip? Email Daniel Howley at firstname.lastname@example.org. Follow him on Twitter at @DanielHowley.