kras99 -

DNI Avril Haines: Cybersecurity is getting harder

During her RSA Conference 2022 keynote, the U.S. Director of National Intelligence discussed the increase in cyber threats, from nation-state attacks to commercial hacking tools.

U.S. Director of National Intelligence Avril Haines discussed the evolving challenges of cybersecurity and the role of U.S. intelligence agencies in meeting those challenges during a keynote at RSA Conference 2022.

The Monday afternoon RSA keynote, titled "Rethinking the Cybersecurity Challenge from an IC Perspective" was a discussion between DNI Haines and Michèle Flournoy, co-founder and managing partner of WestExec Advisors. The discussion was centered around the intelligence community as a whole, and how the community is handling evolving cyber threats.

A notable moment of the keynote came when Haines, who leads the Office of the Director of National Intelligence (ODNI), was asked whether cybersecurity was getting harder or easier. Haines answered the former.

"We still -- and I don't need to tell the crowd this -- have not figured out how to prevent intrusions of even sophisticated networks," she said. "That is a challenge I think that we are going to live with. And the reality is, from an intelligence community perspective, we're not a shield but we do provide a warning. And that is really one of the greatest values that we can give, so that others can take action to the extent they can."

However, Haines said the intelligence community's role in the cybersecurity landscape has raised larger questions about defending against growing cyber threats.

How do you actually manage systems in a way that recognizes the fact that you're not going to be able to create a perfect defense in effect?
Avril Haines U.S. Director of National Intelligence

"But it has caused us to think about … how do you, frankly, build a risk of failure into your systemic design?" she asked. "How do you actually manage systems in a way that recognizes the fact that you're not going to be able to create a perfect defense in effect?"

Haines said accounting for cyber risk was "critical" to addressing security within the U.S. government, especially with a multitude of threats including nation-state actors and financially motivated groups like ransomware gangs. In addition, she pointed to the increasing presence of commercial hacking tools and offensive cybersecurity products as a major challenge.

Another challenge, she said, involved privacy and protecting civil liberties. She said it is harder to maintain privacy when user data is easily accessible, thanks to third parties like data brokers.

The DNI also discussed the importance of partnerships, such as information sharing, between the public and private sectors. She said that in her decades of government, she has always emphasized improving public partnerships, adding that despite improvement there is still "enormous" work to be done.

The benefits of these partnerships are mutual, Haines explained. She said the intelligence community wants to build a collection of sources to effectively build a threat landscape, and that partnerships provide both the capability to better respond to threats as well as the ability to compare note and enhance industry-wide education.

The final benefit she mentioned was the wide range of expertise needed to tackle emerging challenges.

"It will come as no surprise to anybody here that we are in a competition for talent, and we really need as much as we possibly can," Haines said. "And we recognize that people are going to move in and out of government and into the private sector and learn different things in different spaces. And that's as it should be, in many respects.

"But it's critical to us to make sure that we're keeping those channels of communication open, and that we're also brainstorming together about what responses can be and other ideas for how we can actually affect the challenges we're facing."

Alexander Culafi is a writer, journalist and podcaster based in Boston.

Dig Deeper on Risk management

Enterprise Desktop
Cloud Computing