CISA to focus on hospital, school, and water cybersecurity over the next year
Image: Jen Easterly at AvengerCon 2021
Martin Matishak October 20, 2022

The Cybersecurity and Infrastructure Security Agency over the next year will focus its efforts on improving the digital defenses of three critical infrastructure sectors, the organization’s chief said Thursday. 

The Homeland Security Department cyber wing will train its attention on three critical infrastructure sectors full of “target-rich, resource-poor” entities, namely water, hospitals, and K-12 schools, CISA Director Jen Easterly said at Mandiant’s mWISE conference in Washington, DC.

Her comments came a week after a senior Biden administration official said the White House would work with entities in communications, water and healthcare to strengthen the cybersecurity of those sectors.

Easterly specifically cited the recent ransomware attack on the Los Angeles Unified School District, calling it a “case study” for cyber incident reporting because the victim reached out to the FBI and CISA for assistance.

“We were working with them very early on and they were very transparent… They did a press conference, they said, ‘This is what we know. And this is what we’re going to do about it and we’re going to keep you informed.’ That transparency really raises the bar and raises all boats,” according to Easterly.

“When you understand what the threat is you can prepare yourself,” she added. “It’s like in a neighborhood. You’d want to know if your neighbor got robbed because you’re gonna put your shields up. You’re going to be on guard and have that level of vigilance. That’s really where the country needs to be.”

Easterly also said CISA plans to publish the final version of its cross-sector cybersecurity performance goals next week. The metrics were originally due in July under a national security memorandum issued last year that addressed cybersecurity for industrial control systems utilized in critical infrastructure.

“For the first time I think we’re going to be able to materially measure the reduction of risk across the most critical areas,” Easterly said.

Martin Matishak is a senior cybersecurity reporter for Recorded Future News. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.