CISA hires cyber risk experts to meet emerging threats

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency brought on two hired hands to help it grapple with shifting infrastructure cyber risks as the COVID-19 crisis grinds ahead.

The agency brought on Josh Corman as a visiting researcher and Rob Arnold to join CISA's National Risk Management Center as a senior cybersecurity and risk management advisor. The positions are temporary and set up under CARES Act authority, according to a July 22 CISA statement.

"The COVID-19 pandemic has resulted in noticeable shifts in cyber risk calculations for organizations of all sizes," said CISA Director Christopher Krebs in the statement. "The hardware, software, and services that underpin our connected infrastructure have absolutely been tested and stressed in this telework-heavy environment. At the same time, certain organizations and sectors of our economy have become more attractive targets for adversaries."

Krebs said the shifting threats require an "all-hands-on-deck" approach by CISA to get the best cybersecurity talent to the front lines.

In their positions at CISA Arnold and Corman, he said, will help the agency build technical capabilities, as well as bolster engagement with industry and research communities.

Corman will work on integrated industry engagement efforts supporting the COVID response, provide cybersecurity expertise on healthcare infrastructure, and support CISA's control systems and life safety initiatives, according to CISA.

Arnold, said the statement, will help the agency understand how cybersecurity risks have shifted from COVID-related factors and how the critical infrastructure community can best fortify defenses in response.

Both have deep experience with managing infrastructure cybersecurity issues, according to CISA.

Before being hired by DHS, Corman was the chief security officer at industrial software provider PTC and director for the Cyber Statecraft Initiative at the Atlantic Council's Brent Scowcroft Center for Strategy and Security. He also co-founded the non-profit IAmTheCavalry.org, group that volunteers to help improve cybersecurity for public safety.

He was also a member of the Congressional Health Care Industry Cybersecurity Task Force that developed a report on the state of cybersecurity in the healthcare industry.

Arnold has deep experience in translating cyber risk to business. He founded and is CEO of cyber risk management adviser Threat Sketch which helps executives at small organizations understand and act against cybersecurity threats.