New Assistant Director At CISA Puts Focus On Critical Infrastructure

In his first public appearance as Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), Bryan Ware set out the agency’s plan for 2020. Ware noted the importance of state security and data policy for the Department of Homeland Security (DHS) as well as discussing the key focus areas for CISA moving into the new year.

Rather than mitigating risk through regulation, Ware discussed the importance of building interagency partnerships to focus on security and bridging gaps between the public and private sector.

“We don’t compel information sharing or vulnerability disclosures,” he said. “Those are activities that we encourage and we enable — really, to do that, it requires partnerships… We have to form partnerships that work for both sides of the partnership, so to speak. That’s really the culture we’re building at CISA — it’s a requirement we have to do the job that we’re called upon to do.”

Ware comes from a background in the private sector. He was originally a tech industry entrepreneur working with artificial intelligence. In 1998, Ware founded a company that quantified the risk of terrorist attacks to government facilities. He has worked on algorithms to support drones and spent multiple years as an executive at data analytics company Haystax Technologies.

Ware joined DHS in 2018 as a senior advisor to then-Secretary Kirstjen Nielsen. Since Nielsen’s departure, Ware has been an assistant secretary at the agency working on policies relating to critical infrastructure protection against hacking threats.

Ware predicted the DHS and CISA’s focus on cybersecurity will continue this year.

“The critical infrastructure responsibilities that DHS has had since its formation have really morphed and evolved over time to be not just the physical risks that we used to be concerned about after 9/11, when DHS was formed, but now increasingly the cybersecurity risks to critical infrastructure,” Ware said.

Ware noted that his office, and the agency as a whole, must better utilize data outside of the silos in which data are collected. Ware explained that as threats evolve and needs change, data from one project must be refocused and reapplied as necessary.

“We think we know what we need five years from now,” he said. “But think about how many things, really, have changed in the last two years that we weren’t fully accounting for. Those programs … were designed like they were single-point solutions, and that target has moved significantly over the last few years. It creates an incredible pressure on the challenges of integrating data: how we move data from a silo for which it was designed into a place where it can be leveraged for new mission areas, [and] how we move across one specific vendor solution to multi-vendor solutions.”

Ware concluded his public appearance by noting some of the priorities CISA’s cybersecurity directorate has for 2020, including “embracing multi-cloud environments;” retiring legacy systems; “designing for scale [and] sharing,” which is especially difficult considering classification and privacy concerns; and “aligning across our mission areas,” to make the best use of past knowledge when combining it with emerging technologies like AI and machine learning.