CISA floats plan to partner with local universities for ‘311’ cyberattack triage service
Image: The Record
Jonathan Greig September 14, 2022

CISA floats plan to partner with local universities for ‘311’ cyberattack triage service

Jonathan Greig

September 14, 2022

CISA floats plan to partner with local universities for ‘311’ cyberattack triage service

The Cybersecurity and Infrastructure Security Agency (CISA) held its fourth Cybersecurity Advisory Committee meeting Tuesday, kicking off the latest round of recommendations from cyber experts for tasks the agency needs to take on.

The meeting featured announcements that a plan to create a ‘311’ emergency call line and clinics for assistance following cyber incidents for small and medium-sized businesses is now in the works.

During yesterday’s meeting, several subcommittees — made up of public and private cybersecurity experts who provide recommendations on policies, programs and planning — spoke about the need for some form of emergency services for organizations that cannot afford them on their own. 

Committee member Bobby Chesney, who serves as the dean of the University of Texas School of Law, said the 311 idea is now moving forward after being floated during the June meeting.

The effort is intertwined with another key initiative of the committee: increasing the amount of cyber talent in the U.S. 

Chesney said the best way to scale up a program like this is for universities and college communities across the country to be involved in the effort, with students being properly trained to provide the most basic cybersecurity services. 

In most instances, Chesney said the help would come before attacks but would also be available “in the form of incident response in some cases.”

“It’s obviously beneficial to the local entities to be the recipient of the service, making them far better off than they would be without it. But it also speaks to the talent pipeline issue challenge that we have as a society,” Chesney said. 

“This is a potentially precious experience for the students and, of course, before they get deployed, they will be trained up as well.” 

Chesney is working on a collaboration between the City of Austin and the University of Texas at Austin where students would provide cybersecurity services through a 311-like platform. 

CISA director Jen Easterly lauded the idea during the meeting and compared it to another effort from Craigslist founder Craig Newmark that would create a “cyber civil defense” force

Easterly added that the effort would address one of the main concerns many committee members have about their focus on “systemically important entities” (SIE) — a term the board used to describe critical infrastructure. 

Many questioned whether the focus on the cybersecurity of power, transportation and telecommunications entities left thousands of other organizations in the wind as they face a barrage of criminal and nation-state threats. 

“I think it will help us with the issue about what do we do for those that don’t end up in the SIE bucket but are those nonprofits and those small businesses that still need to know how to protect themselves online,” she said. 

Easterly said the development of a national cybersecurity alert system would also help defenders “calibrate the level of intensity based on the fact that we know there are threats, potentially within a certain region or within a certain sector.”

We will never bring our shields down because we always need it in cyberspace but we understand that we can’t always do it at the highest level of intensity because that can lead to staff burnout and significant issues with our workforce,” she explained. 

A representative from the Department of Commerce also attended the meeting and said they are working on a cybersecurity apprenticeship in collaboration with the Department of Labor and the National Institute of Standards and Technology.

The goal is to create apprenticeships as another way to bring in entry-level individuals and provide some level of reskilling and mentoring. 

New Recommendations

Much of the meeting was spent providing updates on recommendations offered to Easterly during the last meeting in June, but two new recommendations were provided to the CISA director. 

The subcommittee focused on Protecting Critical Infrastructure from Mis- Dis- and Malinformation (MDM) recommended that throughout election season, CISA provide local governments with threat intelligence and advice on where cyber threats are coming from. 

The recommendation said CISA needs to coordinate with the various cyber agencies in the Defense Department and make sure election officials had intelligence on foreign disinformation threats and more. 

The subcommittee also emphasized that more needed to be done to protect the country’s court system because of its “essential role… in ensuring the resolution of disputes about the election process and ensuring the peaceful transfer of power.” 

Suzanne Spaulding — a former undersecretary of the Department of Homeland Security – told participants on the call that the court system may “be the target of an intensified campaign to undermine public trust in the legitimacy of their processes.”

“Given their essential role, the subcommittee stated that CISA should share relevant information around foreign hacking and disinformation attacks with the courts, and that the IC include adversary activity targeting the courts in the collection and analysis priorities related to elections,” she said. 

Spaulding also warned that there is a “very urgent risk facing our elections” considering election day is less than two months away. 

The subcommittee examined the threats posed by misinformation and superficial cyberattacks intended to scare the public into doubting election results. 

We saw in the 2016 election and we’ve seen since, both here and overseas, noisy malicious cyber activity that is really designed primarily to reduce public trust in the legitimacy of that process,” she said.

Spaulding added that since then, experts have seen the scanning of voter registration databases designed to “make a lot of noise or potentially getting in and corrupting that data in a way that would again, reduce public trust in the process.”

The subcommittee suggested CISA use its influenceto push content from authoritative sources like local and state election officials.

In surveys of local officials and focus groups, Spaulding said they were asked repeatedly for attribution of cyberattacks and misinformation campaigns because “it has been shown this is important to many Americans.”

Easterly added that Eric Goldstein, executive assistant director for cybersecurity at CISA, has worked to release a toolkit of free cybersecurity resources tailored to the election community. She agreed with the committee’s assessment that the intelligence community has insights into foreign malicious adversaries that “may be trying to implement or disrupt our elections.”

CISA provides direct services to political campaigns that includes assessments, guidance, vulnerability disclosure and more, Easterly said. 

CISA outreach

A major part of the presentation involved CISA’s efforts to establish collaborative relationships with the private sector. 

Goldstein said that while they have not “seen a significant cyber intrusion affecting U.S. organizations or networks,” the agency is “concerned about the state of the cyber risk landscape overall.”

Goldstein mentioned the recent cyberattack on Albania as well as the ransomware attack that continues to affect the U.K.’s National Health Service, adding that CISA continues to see a “prevalence of ransomware extrusions affecting organizations large and small, across sectors.”

“Just last week, we brought together nearly 1,000 organizations across sectors to talk about the ransomware intrusions in the U.K. and share really timely and actionable mitigation steps that every organization can take to secure their networks against this continued challenge,” he said.  

The CISA executive added that on Wednesday, the FBI and CISA kicked off the Joint Ransomware Task Force, which was part of the recently passed incident reporting law. The goal of the force is to unify law enforcement efforts to stop ransomware attacks and “measurably reduce” the amount of ransomware incidents affecting American organizations.

The effort will also include private sector partners and members of the Joint Cyber Defense Collaborative as well as the Institute for Science, according to Goldstein. 

Easterly plans to look through the recommendations from June and this latest meeting before finalizing agency responses by around October 6. The next meeting will take place in California, she said, but a date has not been finalized. 

CISA executive director Brandon Wales noted that the planning document released ahead of the event is light on specific details because the agency wants the ability to adjust tactics over the next three years due to the ever-changing threat landscape. 

“No one could have predicted necessarily the exact risks we were going to be dealing with in the face of a global pandemic,” he said. 

“We want the ability to make sure we have the right capacity, but kind of adapt to the operational realities that we may face in the years ahead.”

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.