CISA, DOD Weigh in on Protecting the Nation’s Most Critical Infrastructure
Efficacy testing and trend identification help tackle sources of strategic risk.

Federal agencies are taking cues from industry for some of their most pressing cybersecurity challenges.
One challenge for the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center includes the threat model that has shifted in the past few years.
“There’s just more action right now in probing, trying to figure out things,” said the center’s assistant director, Bob Kolasky. “There’s more learning, and the adversary is getting better.”
As one of the newest components of DHS, CISA is a leader in protecting the nation’s critical infrastructure. The National Risk Management Center within the agency focuses on tackling sources of strategic risk by “studying trends and taking in information around all technology, around convergence, around where the [adversarial] actors are looking to do things,” Kolasky said while speaking on a panel at MeriTalk’s Cyber Strong Brainstorm event.
“We are applying those to our understanding of the most critical functions that our infrastructure produces and then working together with industry and other parts of government to make progress to close some of those gaps,” he added.
Working to keep up with a shifting threat model is not an issue foreign to the Defense Department, neither is the use of legacy systems. Yet both still present their own set of challenges.
Referencing a Government Accountability Office report regarding DOD’s use of Windows XP, DOD Director of Cyberspace Mission Assurance and Deterrence Daryl Haegley said, “That shouldn’t be any news to anybody.”
Part of the greater challenge, however, is, “Who is ready to fork up the money to pay to get all [of the systems] to the latest versions?” he added.
To help agencies such as DOD with their cyber challenges, U.S. Cyber Command in partnership with the Maryland Innovation & Security Institute created DreamPort, a cyber innovation, collaboration and prototyping facility right outside Washington, D.C. Much of the work DreamPort does is efficacy testing, modeling and evaluation with regard to cyber aspects of the Defense Industrial Base.
Overseeing DreamPort’s operations is Director Armando Seay, who addressed the critical need for U.S. supply chains in order to mitigate risk.
“If we want to reduce the amount of threat vectors there are,” he explained, the solution “is to start manufacturing the things that are the most critical to our critical infrastructure back in the U.S., where we control the supply chain, where we can put our rules and regulations on it, rather than hunting for the adversary under every couch cushion.”
Although Seay has already seen a lot from industry, he would like to see more in terms of “awareness of the problem set,” he said. “There’s definitely a huge shortfall. … One of the best ways to begin to prepare to defend against something is to understand the threat, understand how it exists and where it exists.”
As for DOD, Haegley would like to see industry using its own products. He explained that in meetings he will often ask if companies are using the solutions they bring to government to manage their “own building systems in [their] headquarters” — they don’t.
Nonetheless, he is appreciative of the impact industry can have on implementing positive change.
“It took industry to communicate to Congress to put together, in NDAA language,” said Haegley, referring to section 1650 of the National Defense Authorization Act for fiscal year 2019, which grants “pilot program authority to enhance cybersecurity and resiliency of critical infrastructure.”
“That did not happen on our own, and I’m very thankful for that,” said Haegley. “Because now over the next two years, we are sending teams out. We are looking at our critical infrastructure of our most important bases and systems, and once we get through that assessment, we will need mitigation. We will need solutions.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Can No Longer Assume Superiority in Digital Warfare, Officials Warn
The DOD must make concerted efforts to address cyber vulnerabilities to maintain the tactical edge, military leaders said at HammerCon 2025.
4m read -
Tracking CIOs in Trump's Second Term
Stay informed on the latest shifts in federal technology leadership as new CIOs are appointed and President Trump's second term takes shape.
6m read -
Inside Oak Ridge National Lab’s Pioneer Approach to AI
Energy Department’s Oak Ridge National Lab transforms AI vulnerabilities into strategic opportunities for national defense.
22m listen -
AWS Summit: Innovation Accelerates IT Delivery at DOD
Marine Corps Community Services is tackling outdated IT processes with agile development and cutting-edge cloud security to deliver mission-critical capabilities faster.
12m watch -
AWS Summit: NIST Secures High-Performance Computing Against Evolving Threats
NIST’s Yang Guo reveals the broad attack surface of high-performance computing and explains developing guidance and future-proofing security strategies.
9m watch -
Trump Overhauls Federal Cybersecurity with New Executive Order
The new directive aims to strengthen digital defenses while rolling back "burdensome" software requirements and refocusing AI security.
3m read -
AWS Summit: Forging Successful Cloud Modernization Partnerships
Industry leaders share insights on the critical role industry partnerships have in enabling government agencies to navigate procurement challenges for cloud and zero trust solutions.
24m watch Partner Content -
CISA's CVE Program and Why it Matters for Zero Trust
The vulnerability program provides the cybersecurity community visibility into software as part of a key pillar of CISA's zero trust model.
5m read -
Air Force, Coast Guard Talk Data Security Efforts for AI Development
The services' AI initiatives include efforts like creating clean training data, countering data poisoning and bridging siloed teams.
4m read -
DHS Secretary Urges Congress to Reauthorize CISA 2015
Federal leaders highlight CISA 2015's role in strengthening public-private partnerships and defending against evolving cyber threats.
3m read -
Rep. Gerry Connolly Leaves Lasting Mark on Federal Tech
Connolly's leadership in Congress significantly advanced government IT, emphasizing accountability, efficiency and a robust cybersecurity posture.
4m read -
Agencies Use AI to Boost Efficiency, Cybersecurity Under White House Mandates
DLA and GAO are investigating how AI can boost efficiency and bolster cybersecurity as agencies align with the president's tech directives.
3m read