On a sunny January day, Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), prepares for a potentially challenging conclusion to her tenure. Shortly before the inauguration of President Joe Biden, Easterly, 56, found herself caught in a narrative of uncertainty as the incoming administration signaled a shift in cybersecurity leadership. Notably, she expressed disappointment that she was not invited to continue her role, especially given the critical state of national cybersecurity.
Easterly’s office, adorned with a large shark head and a cleverly branded Rubik’s Cube, reflects an energetic style that contrasts sharply with the serious threats faced by the agency. Under her leadership for the past three and a half years, CISA has grappled with significant cybersecurity incidents, including the notorious SolarWinds hack, which exposed a host of vulnerabilities within U.S. federal systems—a reminder of the pressing challenges that lie in safeguarding national infrastructure.
A recent targeted attack by a group linked to Beijing, known as Salt Typhoon, has intensified scrutiny on CISA’s functions. This group infiltrated American telecommunications providers, harvesting sensitive information such as call logs and text messages. Experts have characterized this intrusion as one of the most substantial breaches in the history of U.S. telecommunications, revealing systemic weaknesses that require immediate remediation. CISA’s initial detection of Salt Typhoon’s operations within federal networks provided crucial early warnings that contributed to a broader understanding of the operation’s scope, enabling a more proactive response.
However, the agency now faces a precarious future. During a Senate committee meeting, Kristi Noem, nominated by Trump to head the Department of Homeland Security, emphasized the need for CISA to become “smaller” and “more agile.” This directive may threaten existing programs dedicated to protecting cyber infrastructure, raising concerns about the strategic effectiveness of CISA moving forward.
Easterly’s pivotal role began amidst the fallout from the SolarWinds hack, propelling CISA into the national spotlight as it shifted from a relatively unknown entity to a key player in the defense against cyber threats. Since then, her approach has been to foster collaboration across federal, state, and private sectors. CISA focuses not on enforcement but on promoting cybersecurity best practices and providing essential support to mitigate risks, with Easterly emphasizing relationship-building as a cornerstone of the agency’s strategy.
Navigating the complexities of cybersecurity demands both tenacity and an ability to forge connections across diverse groups. Easterly’s extensive background (her service in the Army, her roles at the National Security Agency, and her leadership of global cybersecurity at Morgan Stanley) equips her with the insights necessary to tackle these threats, while her approachable demeanor has allowed her to engage with stakeholders effectively.
As the cybersecurity landscape evolves, maintaining open lines of communication and collaboration remains vital in addressing future threats. CISA must quickly regroup to continue the efforts initiated by Easterly, as the escalating risks posed by sophisticated attackers will likely require even more robust defenses going forward.
The Salt Typhoon incident highlights the pressing need for vigilance, as organizations across the country remain at risk from adversaries employing methods outlined in the MITRE ATT&CK Matrix. ATT&CK tactics such as initial access, persistence, and privilege escalation may have been used in these attacks, underscoring the importance of preparedness against future cyber incursions.
Easterly’s departure leaves a significant gap in leadership at CISA at a time when effective cybersecurity measures are critical for national security. As the agency transitions, it must address the lessons learned from recent breaches to ensure that the infrastructure remains resilient against escalating cyber threats.