Strong Encryption Is ‘Absolutely Fundamental,’ US Cybersecurity Chief Says

Encryption technology sometimes seems at odds with the goals of government and law enforcement, but Jen Easterly, the recently confirmed director of the Cybersecurity and Infrastructure Security Agency (CISA), gave it her stamp of approval during today's Black Hat security conference.

The remarks came after a pre-recorded keynote address, where Easterly called for closer collaboration between government and security professionals. She then joined Black Hat and DefCon Founder Jeff Moss via remote video for a brief Q&A session, during which he asked Easterly where she stood on the issue of encryption. 

Moss used the term "going dark," which is how some in government and law enforcement characterize end-to-end encryption because it cuts off their ability to see personal communications. He argued that there's a "false dichotomy" between security and privacy.

Easterly said she recognized that the issue is "hugely important" to both the Black Hat audience and the world at large. "We have to have strong encryption in order to defend [...] our networks," she said, to applause from the live audience.

"I realize there are other points of view across the government, but I think strong encryption is absolutely fundamental," she added.

Industry and researchers have generally resisted government efforts to weaken encryption or create so-called "backdoors" that would allow encrypted data to be read. This conflict culminated in the so-called Crypto Wars of the 1990s.

CISA Wants You 

While Easterly's comments earned her praise, the bulk of her keynote served to introduce herself and issue a call to action. She described her childhood love of Rubik's Cubes and her long history of public service in various roles, including with the US Army and the NSA.

Easterly's main topic was soliciting support from the security industry to help defend against cyberattacks on a national scale. Now is "an incredible moment in time when we have an administration that has made cybersecurity a national security imperative," particularly the fight against ransomware, she said.

She also announced the Joint Cyber Defense Collaborative (JCDC), which was celebrated on screen with an AC/DC style logo and some dancing on the part of the director. "I wanted to call it the Advanced Cyber Defense Collaborative, but the lawyers wouldn't let me," she quipped.

Tweet

According to Easterly, the JCDC will gather public and private sector security experts to share information, plan for worst case scenarios, and then carry out those plans when necessary. "You have to plan in peace time so you're ready in war time," she said.

Initial participants in the JCDC will include AT&T, AWS, CrowdStrike, FireEye, Google, Lumen, Microsoft, Palo Alto Networks, and Verizon

Easterly also outlined how CISA is working to bring more workers into cybersecurity, and made a pitch for employment at CISA. She called on attendees to help educate the general public on important security issues. "If we can collaborate together we can raise that cyber security baseline," she said.

Despite its position in the security industry, Black Hat doesn't usually host high-profile government speakers. The most notable exception was General Keith Alexander, then NSA chief, who appeared in 2013 in the wake of the Snowden leaks, who got a pretty chilly reception (and reportedly risked being egged).

But Easterly's statements come at a time of increasing government visibility in the world of cybersecurity. Earlier this year, Anne Neuberger, the Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology on the NSC, addressed the RSA Conference on the impact of post-release patching on national security.

Keep reading PCMag for more Black Hat coverage.

Comments are closed.