Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), said the agency is preparing to implement new authorities to solicit information from internet service providers for national security purposes, Nextgov reported Monday.
Wales said at a recent industry event that CISA “has been pushing” for the authority’s implementation over the past few years and that the agency is preparing to roll out training activities in the coming months.
Under the National Defense Authorization Act (NDAA), Congress granted CISA the authority to obtain customer data from ISPs to enable information sharing on system vulnerabilities.
Wales noted that CISA is not looking to regulate companies but rather provide insight into identified vulnerabilities as ransomware continues to impact control networks and operational technologies.
His comments come after Anne Neuberger, deputy national security adviser for cyber and emerging technology and a 2021 Wash100 Award recipient, called for more visibility into private and public networks to fortify the security of industrial control systems.
"I think we've been, we've been very lucky to have a supporter of this agency and an extremely capable, knowledgeable, cyber professional with Anne Neuberger at the White House,” said Wales.
