CISA Chief Calls on Cybersecurity Community to ‘Stop Selling Fear’
Director Chris Krebs wants government and industry to get a broader community of people involved in the fight against digital threats but not by fearmongering.
Cybersecurity pros in government and industry need to get a broader community of people engaged in fighting digital threats, but “selling fear” shouldn’t be their primary strategy, according to the Homeland Security Department’s cyber chief.
As director of the Cybersecurity and Infrastructure Security Agency, Chris Krebs has made it a priority to get more outside groups involved in his agency’s cyber efforts. He attributes the successful defense of the 2018 midterm elections to those partnerships, and in the run-up to the 2020 race and beyond, Krebs wants the broader cybersecurity community to follow CISA’s lead.
During a speech at the agency’s second annual Cybersecurity Summit, Krebs called on industry and government experts to do more to help society grapple with the growing array of digital threats targeting governments, private companies and everyday citizens. Those efforts can take in a wide variety of shapes, he said, from helping more small- and medium-size businesses bolster their networks to supporting cybersecurity education for high school and college students.
“We’ve got to do more to extend our capabilities to float all boats,” Krebs said. He also noted outreach efforts would also go a long way in addressing the shortage of cybersecurity personnel that today is plaguing both government and the private sector.
But as cyber pros do more to increase cyber awareness and galvanize better security practices across society, they need to be more realistic and level-headed in the way they present potential risks, Krebs added.
“One of the things we’ve got to do a better job of is [to] stop selling fear,” he said during his keynote address. “Fear sells, but we have far too much to offer to just be looking for the next mark. We’ve got to be more straightforward, more measured, more reasonable in how we talk about [threats].”
It’s easy to incite existential panic around an issue like election security, but Krebs noted those types of fearmongering tactics can often backfire.
“Are there true, absolute fundamental risks in the [election] infrastructure? Yes, but we have to take the hysteria out of the conversation, because ultimately what we do is we drive broader voter confidence down,” he said. “We have to have measured conversations about the risks.”
Throughout the summit, federal cyber experts stressed the importance of building stronger information-sharing pipelines and coordinating cybersecurity efforts among different agencies.
“None of us should have the hubris to think any one of us can do it alone,” said Tonya Ugoretz, deputy assistant director of the FBI’s cybersecurity division.