Cybersecurity Experts Point to More Investment Needed in Detection, Response

October 14, 2021 by Victoria Turner
Cybersecurity Experts Point to More Investment Needed in Detection, Response
Sen. Angus King, I-Maine.

WASHINGTON — If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday. 

“The best hack is the one that doesn’t happen,” King said during the U.S. Chamber of Commerce event on the intersection of energy and cybersecurity as part of its EnergyInnovates series. 

Employers should implement the “trust but verify” admonition from the Reagan administration era by giving a three-strikes-you’re-out type of approach to employees who fail to realize the importance of proper cyber hygiene. 

The federal government must implement a similar approach when it comes to nation-states and adversaries attacking the U.S. networks, by establishing a declaratory deterrent policy to make adversaries “pay a price,” as the risks are “too great.” And the risks are even greater if the attacks target systemically important critical infrastructure, or SICI, like energy. 

“We understand as electricity providers, look, it’s in our DNA, that we are the backbone of the nation’s economy,” said Tom Fanning, CEO of Southern Company. “If those electrons don’t flow, we’re in deep trouble,” he added, noting that the second-largest American utility company gets attacked millions of times every day. 

But the U.S. investments have primarily focused on enterprise information technology for threat prevention, which is only part of the solution, said Robert Lee, CEO and founder of Dragos. The nation needs to be investing just as heavily, if not more, in operations technology to detect cyber threats. Operations technology is control systems that allow the provision of critical services like water, energy, oil and gas manufacturing, he explained, and this is what “makes critical infrastructure critical.” 

In the Solar Winds attack, he pointed out, the focus was on the enterprise information technology but the virus also compromised their operations technology. The adversary actually “had remote access to gas turbine equipment and software across the world in very critical infrastructure,” he said. 

“By the time you see [a cyber threat] bubbling up on the pond, there’s been a lot of activity below the surface to get there,” Lee said. And the threats we are seeing are not “as bad as you want to imagine…but far worse than you realize,” he said as he pointed to a recent cyberattack in February on a water treatment plant in Oldsmar, Florida, “where the adversary actually tried to poison the water system and hurt people.”

Many solutions are prevention-based, he explained, which is good, but systems are becoming more connected through the global digital transformation which has led to better, more efficient services and systems, but also “introduces attack vectors” through this accelerated connectivity. 

In the Cyberspace Solarium Commission report, Fanning pointed out, they “chose to use the word collaborate” instead of cooperate. 

“We have an obligation to work with [each other] to illuminate this battlefield in a real-time fashion so that we can deal with the threats before [they] manifest themselves as problems on our networks,” Fanning said, and strengthen both the physical and cyber defenses in SICI. 

To this means, Fanning pointed to “three legs to the stool.” First, private sector participation “among friends and foes alike” towards cyberspace standards, followed by private sector collaboration with the federal government.

And lastly, Fanning said, arming those who will hold the bad actors accountable “with the tools necessary to defend this nation’s ability to have a safe economy, keep our citizens safe and to protect our ability to see, to listen and to defend ourselves.”

Victoria can be reached at [email protected].

A+
a-
  • Angus King
  • cybersecurity
  • U.S. Chamber of Commerce
  • In The News

    Health

    Voting

    Cybersecurity

    June 24, 2025
    by Tom Ramstack
    US in ‘Heightened Threat Environment’ After Iranian Threat of Reprisal for Bombing

    WASHINGTON — Tenuous international efforts to reinstate a ceasefire between Iran and Israel continued Tuesday but did nothing to eliminate... Read More

    WASHINGTON — Tenuous international efforts to reinstate a ceasefire between Iran and Israel continued Tuesday but did nothing to eliminate the warnings of reprisal against the United States. The result is security alerts in Washington, D.C., and throughout the nation. The U.S. Department of Homeland Security... Read More

    April 29, 2025
    by Tom Ramstack
    FBI Reports Sharp Increase in American Cybercrime Victims

    WASHINGTON — The FBI’s new Internet Crime Report released last week shows Americans lost $16.6 billion to cybercrime in 2024... Read More

    WASHINGTON — The FBI’s new Internet Crime Report released last week shows Americans lost $16.6 billion to cybercrime in 2024 despite an intensified government effort to stop it. The losses were up by one-third from a year earlier.  Fraud was the most common crime, particularly among... Read More

    December 31, 2024
    by Tom Ramstack
    Chinese Accused of Hacking US Treasury Dept. Computers

    WASHINGTON — A Chinese intelligence agency recently hacked the workstations and unclassified documents of the U.S. Treasury Department, the Biden... Read More

    WASHINGTON — A Chinese intelligence agency recently hacked the workstations and unclassified documents of the U.S. Treasury Department, the Biden administration announced Monday. The hack attack is one of several Chinese-sponsored incidents the U.S. Cybersecurity and Infrastructure Security Agency says have compromised the data privacy of... Read More

    The US and Microsoft Disrupt a Russian Hacking Group Targeting American Officials and Nonprofits

    WASHINGTON (AP) — A hacking group tied to Russian intelligence tried to worm its way into the systems of dozens... Read More

    WASHINGTON (AP) — A hacking group tied to Russian intelligence tried to worm its way into the systems of dozens of Western think tanks, journalists and former military and intelligence officials, Microsoft and U.S. authorities said Thursday. The group, known as Star Blizzard to cyberespionage experts,... Read More

    Americans Reporting Nationwide Cellular Outages From AT&T, Cricket Wireless and Others

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according... Read More

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according to data from Downdetector. AT&T had more than 73,000 outages around 9:30 a.m. ET, in locations including Houston, Atlanta and Chicago. The outages began at approximately... Read More

    States and Congress Wrestle With Cybersecurity at Water Utilities Amid Renewed Federal Warnings

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international... Read More

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the... Read More

    News From The Well
    scroll top