Bigger Government Role Expected to Protect Industry From Hackers
WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional panel Tuesday that more government intervention is needed.
On Monday, Microsoft announced that Russia-backed hackers were trying to steal information technology to disrupt the global supply chain.
On Tuesday, cyberattackers shut down gas stations across Iran. In Germany, a major auto components supplier was hacked, possibly interfering with automobile production throughout the country.
Other attacks were reported this week at schools in Colorado and Wisconsin.
“The threat is evolving much more quickly than our defense,” said Suzanne Spaulding, a Homeland Security International Security Program senior advisor.
She testified to the House Homeland Security subcommittee on cybersecurity as it considers proposals to require transportation companies to meet minimum requirements for protecting their computer systems that operate the nation’s transit systems, airlines, pipelines and railroads.
The Transportation Security Administration is close to finalizing the requirements. They come with a huge controversy for private industry.
Corporations have traditionally relied upon voluntary guidelines to protect their businesses and customers. They argue against the heavy hand of government regulation, along with the fines and court orders that could accompany it.
Witnesses at the congressional hearing said recent events show voluntary guidelines are too weak to adequately protect the public and the nation’s economy.
Spaulding said that until recently she also favored voluntary private market compliance with cybersecurity guidelines.
“Markets are generally more efficient and, important for such a dynamic area as cyber, nimbler,” she said. “However, over the last couple of years, I have reluctantly had to conclude that we cannot rely upon markets alone to ensure the continuity of nationally critical functions upon which the American public relies.”
Lawmakers and witnesses discussed the May 2021 Colonial Pipeline ransomware attack as a prime example of the damage cyberattackers can cause.
Gasoline and jet fuel deliveries along the 5,500-mile pipeline from Houston, Texas, to the East Coast were shut down for five days while the attackers demanded a $4.4 million bitcoin ransom.
Colonial Pipeline officials paid the ransom but also generated disputes that continued this week about whether anyone should need to respond to demands of thieves who use software to extort money.
“Time is not on our side,” Spaulding said.
Rep. Yvette Clarke, D-N.Y., chairwoman of the cybersecurity subcommittee, said lawmakers were “shocked” by weaknesses in Colonial Pipeline’s cybersecurity.
She also said cyberattacks and ransomware are a special threat for her constituents in New York, which is a major hub for airports, rail systems and transit. Six months ago, Chinese hackers infiltrated computers of the New York Metropolitan Transportation Authority.
“Fortunately, they did not gain access to operational systems that control rail cars, but I remain concerned about the cybersecurity of mass transit systems generally and MTA’s network in particular,” Clarke said. “Given the degree to which middle- and low-income people rely on public transportation, a cyberattack affecting mass transit could have a disproportionate impact on these populations.”
She welcomed the Transportation Security Administration’s upcoming cybersecurity standards for transportation companies and agencies.
“They mark a pivotal transition in the federal government’s approach to cybersecurity,” Clarke said.
The new standards could not come soon enough, according to respondents in a survey released last week by Texas-based cloud computing company Rackspace Technology.
The survey of 1,420 government information technology decision-makers showed that less than half believe their personnel are prepared to mitigate or understand all cyber threats.
Tom can be reached at email@example.com
In The News
WASHINGTON — The Biden administration will not rule out risks of major cyberattacks against U.S. targets as it continues its... Read More
WASHINGTON — The Biden administration will not rule out risks of major cyberattacks against U.S. targets as it continues its political support for Ukraine amid rumblings of war with Russia. White House press spokeswoman Jen Psaki said Tuesday the U.S. government is monitoring the threats. In... Read More
LONDON (AP) — Cybersecurity and space are emerging risks to the global economy, adding to existing challenges posed by climate change and... Read More
LONDON (AP) — Cybersecurity and space are emerging risks to the global economy, adding to existing challenges posed by climate change and the coronavirus pandemic, the World Economic Forum said in a report Tuesday. The Global Risks Report is usually released ahead of the annual elite winter gathering of CEOs and... Read More
A major outage in Amazon's cloud computing network Tuesday severely disrupted services at a wide range of U.S. companies for... Read More
A major outage in Amazon's cloud computing network Tuesday severely disrupted services at a wide range of U.S. companies for more than five hours, the latest sign of just how concentrated the business of keeping the internet running has become. The incident at Amazon Web Services... Read More
WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms,... Read More
WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms, introducing a number of bills and even publishing a book titled “Antitrust” that looks at the history of policy toward trusts and monopolies and details how... Read More
WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving... Read More
WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving cyber threats from bad actors overseas, a former assistant secretary of defense said Friday. Speaking at an American Enterprise Institute event, Paul Stockton, who is now... Read More
GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors... Read More
GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors should have known of, and yet did nothing to mitigate, the risk of the massive data breach that took place in 2020. The plaintiffs, led by... Read More