Skip to main content
close search
site logo
Dive Brief

CISA director wary of technology industry repeating its mistakes with AI

Published May 11, 2023
Naomi Eide's headshot
Managing Editor
Woman and a man standing on stage in front of a screen that says Hack the Capitol
CISA Director Jen Easterly getting ready to speak during Hack the Capitol in McLean, Virginia on May 10, 2023. Naomi Eide/Cybersecurity Dive

Dive Brief: 

  • The multibillion-dollar cybersecurity industry is the result of misaligned incentives, where the technology industry prioritized speed to market over security, said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, at a Hack the Capitol event Wednesday. 
  • Easterly's comments build on the federal push to place the burden of security on technology providers rather than their customers, a core part of the recently released national cyber strategy.
  • As artificial intelligence and generative AI solutions descend into the technology ecosystem, the same concerns of security falling to the wayside apply. "I think we need to be very, very mindful of making some of the mistakes with artificial intelligence that we've made with technology," Easterly said. 

Dive Insight: 

U.S. cybersecurity officials are out in force to drive home the core tenets of the national cyber strategy in an effort to shore up critical infrastructure. This week Acting National Cyber Director Kemba Walden touched on how the strategy was mostly well received. And Anne Neuberger, deputy national security advisor for cyber and emerging technologies, outlined efforts to counter ransomware, with some consideration for a ban on ransom payments

Easterly, too, is doing her part to rally the technology industry and critical infrastructure maintainers to rethink security. 

"We don't have a cyber problem, we have a technology and culture problem," Easterly said. "Because at the end of the day, we have allowed speed to market and features to really put safety and security in the backseat."

No place in technology embodies the rush of speed to market better than generative AI. The craze OpenAI sparked through its release of ChatGPT has launched a race to incorporate the technology into every facet of the enterprise tool chain. 

Microsoft, Google and AWS moved to weave in generative AI offerings, and this week IBM followed suit. Vendors are incorporating AI into core products end users work with, from Slack to Google's productivity suite, including Docs and Sheets. 

That's not to say these products are insecure. Rather, they've just hit the market rapidly and are overhauling how users interact with technology. 

For Easterly, the primary way to catalyze a more sustainable approach to security that's not talking about how many attacks have happened post-mortem is to shift security as far left as possible. 

That way technology manufacturers and software providers, which are trillion-dollar companies, bear a much greater burden, she said. 

"They're owning the outcomes of security, which means that they're developing technology that's secure by design, meaning that they're tested and developed to reduce vulnerabilities as much as possible," Easterly said. "It's not going to go to zero."

But, Easterly said, companies can drive down the number of vulnerabilities without expecting customers to rush to patch every month when vulnerabilities are released.


 

Editors' picks

Company Announcements

View all | Post a press release
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Varsity Brands Data Breach Investigation
From Migliaccio and Rathod LLP
October 15, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell