FAIRCON23: Top Federal Cybersecurity Officials Endorse Risk-Based Approaches, Ask for Industry’s Help to Solve a Cyber “Data Crisis” and AI Risk
In a remarkable sign of the success of the FAIR movement, two key cybersecurity officials, Federal Chief Information Security Officer Chris DeRusha and Eric Goldstein of CISA, made keynote appearances at the 2023 FAIR Conference and spoke in terms that the FAIR Institute has been proposing from its start.
Moderator: Nick Sanna, President, FAIR Institute
Chris DeRusha, Federal Chief Information Security Officer and Deputy National Cyber Director
Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA
“One of the reasons I am so excited to be at this conference and am so grateful for work that the FAIR Institute and all of your partners have done is, we have a data crisis in cybersecurity,” Eric Goldstein said. “We have no way of saying, as a country or a community, ‘how are breaches actually happening?’…How is the harm actually occurring, and what investments would have been most effective at reducing that harm?...
“We are fully aligned that cybersecurity is a business problem, not a tech problem and the only way to make a problem relevant to business leaders is to quantify it in a way that it can be weighted against other kinds of business risk. Cybersecurity historically has been dramatically behind [other risk disciplines]. Work being driven by the FAIR Institute is trying to close that gap.”
Read the Wall Street Journal’s article on this FAIRCON23 session (subscription required)
Goldstein talked up federal government initiatives for gathering cyber data, such as the new incident reporting act CIRCIA, and promised that the feds were working on “burden reduction” to protect CISOs from over-reporting requirements, an advocacy initiative of the FAIR Institute.
Chris DeRusha also made a pitch for involvement from the audience in commenting on the sweeping executive order on AI (released October 30, still in the works when he appeared at FAIRCON) – the OMB is now collecting public comments at AI.gov.
DeRusha also addressed complaints from CISOs who react, “‘I am managing my risk…why do I need to report on that?’ That’s not the right perspective. We together are managing the nation’s risk…Adversaries are moving faster every day and you all know that because of the rise of AI. We have to be willing to take some risks with each other to share meaningful relationships.”