White House, Congress Aligned on Cybersecurity Goals

June 16, 2021 by Victoria Turner
White House, Congress Aligned on Cybersecurity Goals
Rep. Yvette Clarke, D-N.Y

WASHINGTON – As Congress edges closer to putting a final infrastructure bill on President Joe Biden’s desk, it looks like lawmakers and the White House are aligned in their commitment to bolster U.S. cybersecurity through increased federal investment, focusing on prevention and utilizing public-private partnerships to establish baseline standards.

With the pandemic strong-arming both public and private sectors to “shift operations online,” the global health crisis has “exponentially expanded the surface area for cyberattacks,” said Rep. Yvette Clarke, D-N.Y, yesterday during an Information Technology Industry Council event on “Securing the Information and Communications Technology and Services Supply Chain.”

The continuous cyberattacks on essential companies like SolarWinds, Microsoft Exchange and Colonial Pipeline have “blurred” the lines between cybersecurity and the security of physical assets, Clarke said. The first steps of defense begin with “effective information sharing between government and the private sector” to prevent the attacks from even happening, she urged, as these partnerships will “bring valuable industry perspectives.” 

Brian Scott, director of critical infrastructure cybersecurity at the White House National Security Council, added that industry engagement has been a core element of Biden’s Executive Orders on cybersecurity. The ongoing engagement with stakeholders has resulted in the Department of Commerce’s expected direct investment of $75 billion for the private sector in domestic semiconductor manufacturing, and can be seen within Biden’s cybersecurity Executive Order 14028 on “Improving the Nation’s Cybersecurity,”  which essentially calls for the federal government to partner with companies by the first paragraph. 

Scott noted that the National Institute of Standards and Technology has been directed to consult with the private sector to come up with “specific guidance, identifying practices, standards, procedure and criteria of the software supply chain” and for software development by February 2022. 

Behind drafting the order was the “need to shift our thinking from response to prevention,” he said.

Section 4 of the order, which Scott emphasized, focused heavily on the threat in the software supply chain. It aims to “improve the security of software by establishing baseline security standards for the development of software sold to the government,” Scott said, by requiring transparency by developers and applying a “change throughout the ecosystem” from the bottom up – building security into the product itself.  

And software is another area that needs industry collaboration, as “[the order] stands up a concurrent public-private process to develop new and innovative approaches to secure software development and it uses the power of federal procurement to incentivize the market,” Scott said. 

“By next March, [the Office of Management and Budget] will take action to mandate agencies to use software conforming to this guidance,” he said, referring to the guidance NIST has been directed to issue after it defines what is critical infrastructure and then couple with the nation’s cyber quarterback, the Cybersecurity Infrastructure and Security Agency, to “provide use and configuration guidance to [federal] agencies.” NIST also has 270 days to establish two pilot programs for product labeling over Internet-of-Things devices and software development to inform the public on security measures, he added. 

Executive Order 140147, which preceded the latest cybersecurity order and was a “whole-of-government approach” to review the U.S. supply chains,  revealed an issue that Scott said was already well-known: a shortage of semiconductors chips that run just about everything from smartphones to your televisions. 

 “Once a global leader in semiconductor production with robust public support, the U.S. has outsourced and offshored too much semiconductor manufacturing in the recent decades,” Scott charged. In the last 20 years, he explained, the U.S. went from manufacturing 37% of the world’s semiconductors to 12%. 

Both Scott and Clarke said robust investment in bolstering domestic manufacturing of semiconductors and research and development is needed quickly. Executive Order 14028, Scott said, backs the administration’s efforts to “build back better to modernize defenses, return to the international stage on cyber issues with allies and partners, and be better postured to lead and compete globally.” 

Thus, Biden’s American Rescue Plan, his American Jobs Plan and increased investment are “three critical investments” necessary in “the wake of the [cyberattacks],” Clarke urged, noting this was a bipartisan imperative on the Hill that she is prepared to lead.

This is a “once in a generation investment” that will “create jobs, rebuild our critical infrastructure” and allow the U.S. to be a global competitor again, Clarke continued. But it will come down to ensuring the U.S. is also building up the workforce it needs to be able to perform these jobs. 

“The emerging landscape for warfare…is all cyber,” Clarke charged, and “the sooner that we embrace that understanding, the sooner we stand up a robust defense” with mitigation and detection strategies. 

A+
a-
  • cybersecurity
  • White House
  • Yvette Clarke
  • In The News

    Health

    Voting

    Cybersecurity

    Americans Reporting Nationwide Cellular Outages From AT&T, Cricket Wireless and Others

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according... Read More

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according to data from Downdetector. AT&T had more than 73,000 outages around 9:30 a.m. ET, in locations including Houston, Atlanta and Chicago. The outages began at approximately... Read More

    States and Congress Wrestle With Cybersecurity at Water Utilities Amid Renewed Federal Warnings

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international... Read More

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the... Read More

    December 6, 2023
    by Dan McCue
    HHS Unveils Next Steps to Enhance Cybersecurity of Health Care Records

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93%... Read More

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93% increase in large breaches in the health care sector, with a 278% increase in large breaches involving ransomware, according to the Department of Health and Human... Read More

    Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems... Read More

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems like ChatGPT to deceive and sow disinformation. His talk on the technology at the DefCon hacker convention in August was a huge hit. But he's anything... Read More

    October 31, 2023
    by Tom Ramstack
    US Workforce Unprepared for AI, Technology Experts Tell Senate

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing... Read More

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing Tuesday to say it is only a first step in a process likely to transform American workplaces. “Artificial intelligence will not only disrupt lives, it will... Read More

    July 18, 2023
    by Tom Ramstack
    Congress Told AI Holds Great Risks and Benefits for US Military

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it... Read More

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it falls behind in developing the technology but a bright future by taking the lead. One of the greatest risks would be defending against a foreign enemy... Read More

    News From The Well
    scroll top