Enable breadcrumbs token at /includes/pageheader.html.twig

On Point: Q&A With Kaitlin Jewell

Credit: Titima Ongkantong/Shutterstock

Kaitlin Jewell, associate director of international affairs, Cybersecurity and Infrastructure Security Agency (CISA), leads engagement with foreign partners to build CISA’s capacity, strengthen the global defense against cyber incidents and secure critical infrastructure.

Do you look ahead at challenges posed by 5G and other emerging technologies?

Yeah, absolutely. In April, we did a joint release of CISA’s best practices for smart cities, which was a collaborative effort through us, NSA [National Security Agency], FBI, the United Kingdom’s National Cybersecurity Center, the Australian Cybersecurity Center, Canadian Center for Cybersecurity and the New Zealand National Cybersecurity Center. This product addresses the growing global demand for communities around the world to integrate information and communications technologies into their infrastructure to increase efficiency in their day-to-day life.

What are some of your biggest accomplishments in this position?

Oh, my goodness. One of the exciting things that we do is capacity building. That includes assisting countries in building their own competency in managing risk and strengthening security and resiliency and addressing both current and emerging risks. Through our partnership with the Department of State in the last year, we’ve been able to deliver workshops and training to cybersecurity specialists from Africa, Europe, Asia and South America. And by enhancing other countries’ organic capabilities, it simultaneously enables CISA to protect the homeland. It bolsters international security, and it promotes global societal resilience.

Does your support primarily take the form of training and information sharing?

Our capacity building, predominantly, is our ability to train and build capacity from an expert-to-expert exchange, the peer information sharing. We work to position the policy ecosystem in the context of those joint advisories and products where we have like-minded nations working collectively to address global challenges.

Tell us about the training you provide.

One of those training areas is our industrial control system or ICS training. Industrial control systems are used to support critical infrastructure worldwide. Our ICS training helps keep global networks alive and operational.

As the lead federal agency responsible for helping critical infrastructure partners manage ICS security risks, we partner and work with government and industry to deploy the technologies and practices that guard critical infrastructure from the threats today while building innovative capabilities to defend from emerging threats on the horizon.

We help enhance collaborative global efforts of the industrial control system stakeholder community by accelerating the design and development of secure systems.

How many countries do you currently work with?

We focus on partners with shared goals, but we really do work with almost all foreign governments in different capacities.

What would make international cooperation easier?

We are in constant communication with our interagency partners and with Congress about new tools that make international cooperation easier and more efficient.

A good example might be the Cyber Incident Reporting for Critical Infrastructure Act of 2022, or CIRCIA. Once those implementing regulations have been finalized, CIRCIA will require covered entities to report covered cyber incidents and ransomware payments to CISA.
CIRCIA really marks an important milestone for improving America’s cybersecurity by enhancing CISA’s ability to render assistance to victims who experience cyber incidents, spot trends and quickly share information to warn other potential victims.

Many cybersecurity incidents over the past decade could have been prevented by sharing timely, quality and actionable information, so with the authorities granted under CIRCIA, CISA will be able to rapidly deploy resources and render assistance to entities negatively impacted by cyber incidents and analyze incoming reporting across sectors to spot trends and quickly share information with network defenders to warn other potential victims.

That’s really what it’s all about: collectively helping people to remain safe and secure from bad actors who try to exploit vulnerabilities regardless of where you are in the world.