CISA Could Improve Coordination With Other Agencies, Government Officials Say

Government officials said the Cybersecurity and Infrastructure Security Agency could enhance its network security support for other agencies.

Speaking at a Center for Strategic and International Studies-hosted event, Jeff Spaeth, deputy chief information officer at the Department of Veterans Affairs, said CISA could improve the speed at which it notifies agencies about new vulnerabilities in a vendor’s widely used product. According to Spaeth, CISA tends to lag in delivering technical aspects of some vulnerabilities, showing a lack of urgency.

Amber Pearson, deputy chief information security officer at the VA, wants CISA to expand its efforts in crucial areas, such as promptly sharing information when a cloud service provider overlooks a critical patch or encounters a threat indicator.

Meanwhile, Jeff King, principal deputy CIO at the Department of the Treasury, said CISA must take on a more aggressive role in setting cybersecurity standards, Federal News Network reported.

The officials’ comments came nearly a month after the Department of Homeland Security’s inspector general found lapses in CISA’s coordination with the water and wastewater section.

According to the IG office’s report released in January, CISA failed to share cybersecurity expertise with the Environmental Protection Agency and other stakeholders despite having the tools and expertise needed to mitigate critical infrastructure threats. The OIG also noted that CISA was inconsistent in coordinating with the EPA and other stakeholders because of a lack of formal collaboration mechanisms and personnel.