Jeff Greene’s tenure at the Cybersecurity and Infrastructure Security Agency didn’t start out as he imagined.
On his first day back in June, the new executive assistant director for cybersecurity in the Homeland Security Department agency tripped down the stairs in his house and broke his left arm. Not only did he show up with his nondominant arm in a sling, but he also had a few bumps and bruises.
“I tell people of my first three hours in this job, I remember about 30 minutes of it, but I made it in the next day. The one-handed typing was one of the worst adjustments for me, and I think for my adult kids having to drive me to work for the first four-to-six weeks was the worst part of it for them. But I drove them a lot of places throughout their lives, so I guess it’s a little payback,” Greene said during Federal News Network’s Cyber Leaders Exchange 2024.
“Besides that first day and first few months, probably the biggest adjustment for me has been all the different things that the Cybersecurity Division does or the different subdivisions that are part of CSD. Then, also how we interact and connect with the other parts of CISA, how we connect really well in some cases and how it’s still an evolving effort in other cases.”
Greene said his bad luck, or more likely overexcitement, meant the accident humanized him with his new team members.
This unfortunate circumstance, however, jibed well with what former Executive Assistant Director for Cybersecurity Eric Goldstein, whom Greene replaced, tried to do: Create a culture of inclusivity and openness.
Never stop asking why
Now, Greene is trying to keep and even evolve that culture by making sure his team finds CISA a place where there are no stupid questions when it comes to improving federal and private sector cybersecurity.
“The odds are if you don’t ask the question, you’re going to look dumber than if you did. So I lean into that,” he said. “I’ve also tried to share with the team here that my mindset is to have a culture of why we should be asking why. If we can’t answer why we’re doing something in a decent level of detail, then maybe we should step back and think about how and why we’re doing it — understanding the answer may be totally valid. I want people to push me on that same thing. If I say, I want to go left even though you want to go right, people should ask me why.”
By preserving and expanding the culture of questioning the status quo and seeking better ways of doing things, Greene believes he’s heeding Goldstein’s most important advice: Build relationships across CISA, DHS, the White House, federal agencies and, of course, Capitol Hill.
“I came into an organization that I think was running fairly well. I’m acutely aware of the cost of the transition, the frictional cost of making big changes. Because I thought that we were hitting on a lot of cylinders, I was willing to take the time to figure out where I thought we really needed to make some adjustments, and also then step back and see if the proverbial juice was going to be worth the squeeze on certain initiatives,” he said. “One of the things I focused on is our partnerships, the Joint Cyber Defense Collaborative in particular. I think JCDC has really excelled engaging in exigent circumstances.”
CISA created JCDC in August 2021 with the goal of teaming up with other civilian, Defense Department and Intelligence Community agencies, major cloud providers, cyber companies and other private sector partners to combine efforts on planning, threat analysis and defensive operations.
Three years later, JCDC now includes more than 340 partners and shares cyberthreat and analysis information across more than 40 different channels.
Through the collaborative, CISA and its federal partners are providing and receiving cyberthreat intelligence on everything from the latest ransomware to lessons learned from the Ukraine-Russia war.
CISA providing more value to private sector
Greene said he believes the JCDC platform is working well and helping to better establish long-term partnerships across all sectors.
He added the success of JCDC, both from a government and a private sector perspective, results from clear expectations on both sides of what it means to partner and what information can or cannot be shared.
Most would agree that CISA, federal agencies and private sector companies are in a different and better place today than ever before when it comes to working together to defend against evolving cyberthreats.
“I’ll give a pretty specific example of when I was in the private sector. We were brought in to hear, at the highly classified level, about a particular new and emerging threat that was quite worrisome. At the end of the meeting, all the private sector folks looked at each other and were like, ‘This is really useful information, and it is completely not actionable because we can’t go out and tell anyone,’ ” he recalled.
“So we sat in that room and had a conversation with our government partners and worked out what are the four or five things that we can go say on a telephone. What can we call our hunt teams and tell them to do? We came up with something. It actually was very useful. Where I worked, the hunt teams really dug in on it, but that was ad hoc. That process is now institutionalized, and that’s why we are in a fundamentally different place in the government.”
That trust and relationship is more important than ever, he said. Greene pointed to cyberthreats from China’s Volt Typhoon and similar organizations as an example.
CISA has made it a priority to share information about how the public and private sectors must prepare for Volt Typhoon-type organizations that are prepositioning themselves for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of any major crisis or conflict with the United States.
Preparing for disruptive attacks
“I worry about Volt Typhoon coming to be seen as a flavor of the month problem. This is a generational, long-term problem, whether it’s called Volt Typhoon or something else — both the adversary and the techniques and the type of vulnerabilities that they’re taking advantage of. We need to make sure that there is a steady state, long-term effort,” Greene said.
“I’m trying to think about it with the team, how we both address that from a technical standpoint — countering their adversary and fixing the problems — but also from a public standpoint to make sure individual citizens understand it and think about what they can do as well as what companies can do.”
Greene said CISA is leaning on JCDC to provide a level of detail around tactics, techniques and procedures of Volt Typhoon’s targets as well as potential mitigations, even though some information remains at a high classification level.
Another example of JCDC’s impact is CISA’s ability to share warnings with about 800 entities in the first quarter of fiscal 2024 ahead of ransomware attacks.
“With the bulk of the information out there held by the private sector, we are able to engage with them. I do think that was a big part of it — to know that this is out there in the private sector,” Greene said. “Volt Typhoon is maybe in a little different place because that’s some real interesting work to be able to get that to the point where the government shared it out in the depth they had. I think that is a realization of the flip of how the private sector has the data and the private sector has to take the measures to provide the security that we talk about.”
The government doesn’t have the authority to mandate responses in most cases. But as Greene added, “For a lot of entities, even if the government could mandate it, that doesn’t make it possible because there’s resource or other limitations. So leaning into that voluntary side with a healthy dose of government authority, when we need it, is an important balance. I hope it has sunk in for my private sector partners that you know we really are doing everything we can to get information out to you.”