Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel

Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Also on Krebs' radar: the cyber-response to COVID-19 and intelligence-sharing between private and public sectors.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), which has held a historical role giving its critical infrastructure partners and federal civilian agencies the data and capabilities they need to defend themselves, is now "the nation's risk adviser," said former director Chris Krebs, in a keynote talk today at Check Point's CPX 360 conference


As director, Krebs was tasked with ensuring CISA understood the risk landscape as much as possible, and provided the right information, resources, and tools to partners so they could make risk management decisions. In the world of federal civilian agencies, 101 are responsible for their own risk management decisions, just as in the private sector or infrastructure space. 


At the virtual conference, Krebs explained how CISA approached the world through the lens of the risk formula: risk equals threat times vulnerability times consequence – "with a little bit of likelihood dashed on top," he noted. 


"The importance of this risk formula, as we saw it, was that it did not just focus on threat actors but included vulnerabilities in the software, services, and systems that we used on a daily basis, as well as the potential consequences of a successful attack on any of these key systems or our nation's infrastructure," Krebs continued.


Over time, it became clear that attackers were focused on civilian agencies and military and intelligence-related agencies, as well as critical infrastructure. Their capabilities spanned opportunistic scanning, seeking unpatched systems and VPNs to advanced, patient, and strategic intrusions, such as what we've seen in the supply chain attack tied to SolarWinds.


That said, it's i ..

Support the originator by clicking the read the rest link below.