A newly created U.S. cybersecurity agency said Thursday that China represents the greatest strategic risk to the U.S., and as a result, the agency’s top operational priority is reducing the risks from Chinese compromises to the global supply chain, including emerging 5G technology.
The statement was part of a report outlining the Cybersecurity and Infrastructure Security Agency’s strategic intent for the next five years. The agency is responsible for protecting America’s critical infrastructure, like election systems and power grids, from hackers and other cybersecurity threats.
Besides China, the agency’s other priorities include election security, federal cybersecurity and reducing risks for industrial control systems.
Christopher Krebs, the agency’s director, said in a speech Thursday that his agency is the nation’s “risk adviser,” which doesn’t have its hands on the keyboards of computer networks but rather seeks to make other agencies and companies do a better job managing risks against cyberattacks.
The priorities reflect the work CISA has already been doing since the agency was established in November 2018, a time during which the Chinese manufacturer Huawei Technologies Co. was blacklisted by the Trump administration amid security concerns and Russian agents were indicted for seeking to manipulate the 2016 presidential election.
“When we think about Russia, they’re trying to disrupt the system,” Krebs said, at an event at Auburn University in Alabama. “And China is trying to manipulate the system, so that requires us to take different approaches.”
CISA is currently offering services to election equipment vendors to find potential vulnerabilities in its systems. CISA’s work also includes protecting state and local governments from ransomware attacks, like the one that hit 22 towns in Texas last week. “Ransomware is not going anywhere,” Krebs said. “It’s only getting worse.”
CISA sits within the Department of Homeland Security. Krebs, the agency’s first director, joined the DHS in 2017 and was nominated to lead the agency by President Donald Trump in 2018. Before that, he was the Director for Cybersecurity Policy on Microsoft Corp.’s U.S. Government Affairs team.