Infrastructure Security in the Cyber Age a Conversation with CISA Director Jen Easterly.
Cyberspace has become the new frontier of conflict and competition, securing critical infrastructure against sophisticated nation-state and non-state actors is no longer a luxury it’s an imperative. Nowhere is this more evident than in the mission of the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security. Since its creation in 2018, CISA has stood on the frontlines of defending the systems that keep America running, from the power grid to transportation networks. With emerging threats from adversaries like China, Russia, and Iran, the stakes have never been higher.
These pressing issues took center stage during a fireside chat hosted by FDD’s Center on Cyber and Technology Innovation (CCTI). The conversation featured CISA Director Jen Easterly and was moderated by retired Rear Admiral Mark Montgomery, CCTI senior director and former executive director of the congressionally mandated Cyberspace Solarium Commission. In the discussion, Easterly offered her insights into how far the U.S. has come in building cyber resilience for critical infrastructure and how much work remains ahead.
Unprecedented Threats in the Cyber Domain
The chat began with an overview of the rapidly evolving cyber threats facing the nation. According to Easterly, the U.S. finds itself wading through uncharted waters as adversaries grow increasingly aggressive and resourceful in cyberspace. She highlighted the following key threat actors and their tactics:
1. China’s Prepositioned Cyber Capabilities:
Easterly confirmed reports that China has embedded destructive cyber tools within U.S. critical infrastructure, including energy and transportation systems. These malicious capabilities which could be activated to cause widespread outages or derail logistical operations are reminiscent of modern-day sleeper cells, silently waiting for a signal.
2. Russia’s Undersea Cable and ICS Threats:
Russia’s military doctrine explicitly incorporates cyber capabilities to target undersea cables that carry the internet and industrial control systems (ICS). Cutting undersea cables could sever global communication routes, while disrupting ICS could halt production in sectors like energy and manufacturing, crippling U.S. economic and military readiness.
3. Iran’s Exploitation of Vulnerabilities:
Iran has increasingly exploited unprotected networks. Recent incidents, such as attacks on water treatment and monitoring systems, demonstrate Tehran’s growing willingness to impose tangible, real-world harm on U.S. infrastructure.
America’s Cybersecurity: Where Do We Stand?
When asked how vulnerable America is in cyberspace today, Easterly emphasized that while progress has been made, significant challenges remain. “America is a target-rich environment for cyberattacks because of our reliance on interconnected systems,” she said. “The private sector owns and operates the vast majority of our critical infrastructure, leaving collaboration between government and industry as both a necessity and a challenge.”
Easterly cited improvements made in recent years, thanks in part to frameworks like the National Cybersecurity Strategy, the adoption of zero-trust principles, and partnerships forged under the Joint Cyber Defense Collaborative (JCDC). But she also pointed to gaps in resilience, particularly in smaller entities less capable of fending off advanced persistent threats (APTs).
Public-Private Collaboration: Transforming the Landscape
One of the most significant shifts in cybersecurity over the last six years has been the deepening partnership between the public and private sectors a pillar of CISA’s mission. Easterly praised the growing willingness of private companies to share threat data with CISA, enabling more proactive and coordinated responses.
Specific initiatives to boost collaboration include:
– The establishment of JCDC: This initiative brings together public and private entities to identify, prioritize, and respond to potential cyber threats.
– Information-sharing programs: CISA has spearheaded efforts to break down barriers to real-time sharing of threat intelligence between the government and companies.
– Cybersecurity grants for infrastructure owners: Federal funding is helping incentivize and equip private-sector organizations to modernize their defenses.
Bolstering National Cyber Resilience
As the U.S. faces increasing cyber aggression, a key question emerges: How can CISA raise the bar for national cyber resilience? Easterly proposed three primary strategies:
1. Investing in People and Education:
Easterly called for a focus on workforce development to close the cybersecurity talent gap. “We need to inspire the next generation of cyber defenders and equip them with the skills they need to protect our systems,” she said. Programs like CISA’s Cybersecurity Education and Training Assistance Program (CETAP) aim to support this effort.
2. Encouraging Innovation:
Investing in innovative technologies like artificial intelligence (AI), machine learning, and automated threat detection could help modernize the defense of aging infrastructure systems. Easterly underscored the importance of embracing innovation without sacrificing security. “Smart city technologies and IoT devices must come with built-in cybersecurity from day one.”
3. Strengthening Incident Response Plans:
Building more robust response and recovery capabilities against attacks is a top priority. Easterly pushed for greater adoption of tabletop exercises and simulated cyberattacks to identify vulnerabilities before real adversaries do.
4. Legislative and Regulatory Changes:
Easterly also urged lawmakers to enact updated cyber regulations for critical infrastructure sectors, ensuring compliance with best practices. “We’ve made strides, but we need legislation that aligns with the realities of 2025 not 2005.”
The Road Ahead
The fireside chat ended with Easterly striking a cautiously optimistic tone: “We won’t solve this overnight, but if we continue to build partnerships, invest in our people, and take the growing threats seriously, I’m confident we can turn the tide in favor of cyber resilience.”
As adversaries refine their capabilities, CISA’s role as the nation’s cyber defense hub becomes increasingly critical. The conversation served as a potent reminder of the importance of vigilance, collaboration, and innovation in navigating the complex challenges of infrastructure security in the cyber age.
