Loading...

Cybersecurity Experts Point to More Investment Needed in Detection, Response

October 14, 2021 by Victoria Turner
Sen. Angus King, I-Maine.

WASHINGTON — If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday. 

“The best hack is the one that doesn’t happen,” King said during the U.S. Chamber of Commerce event on the intersection of energy and cybersecurity as part of its EnergyInnovates series. 

Employers should implement the “trust but verify” admonition from the Reagan administration era by giving a three-strikes-you’re-out type of approach to employees who fail to realize the importance of proper cyber hygiene. 

The federal government must implement a similar approach when it comes to nation-states and adversaries attacking the U.S. networks, by establishing a declaratory deterrent policy to make adversaries “pay a price,” as the risks are “too great.” And the risks are even greater if the attacks target systemically important critical infrastructure, or SICI, like energy. 

“We understand as electricity providers, look, it’s in our DNA, that we are the backbone of the nation’s economy,” said Tom Fanning, CEO of Southern Company. “If those electrons don’t flow, we’re in deep trouble,” he added, noting that the second-largest American utility company gets attacked millions of times every day. 

But the U.S. investments have primarily focused on enterprise information technology for threat prevention, which is only part of the solution, said Robert Lee, CEO and founder of Dragos. The nation needs to be investing just as heavily, if not more, in operations technology to detect cyber threats. Operations technology is control systems that allow the provision of critical services like water, energy, oil and gas manufacturing, he explained, and this is what “makes critical infrastructure critical.” 

In the Solar Winds attack, he pointed out, the focus was on the enterprise information technology but the virus also compromised their operations technology. The adversary actually “had remote access to gas turbine equipment and software across the world in very critical infrastructure,” he said. 

“By the time you see [a cyber threat] bubbling up on the pond, there’s been a lot of activity below the surface to get there,” Lee said. And the threats we are seeing are not “as bad as you want to imagine…but far worse than you realize,” he said as he pointed to a recent cyberattack in February on a water treatment plant in Oldsmar, Florida, “where the adversary actually tried to poison the water system and hurt people.”

Many solutions are prevention-based, he explained, which is good, but systems are becoming more connected through the global digital transformation which has led to better, more efficient services and systems, but also “introduces attack vectors” through this accelerated connectivity. 

In the Cyberspace Solarium Commission report, Fanning pointed out, they “chose to use the word collaborate” instead of cooperate. 

“We have an obligation to work with [each other] to illuminate this battlefield in a real-time fashion so that we can deal with the threats before [they] manifest themselves as problems on our networks,” Fanning said, and strengthen both the physical and cyber defenses in SICI. 

To this means, Fanning pointed to “three legs to the stool.” First, private sector participation “among friends and foes alike” towards cyberspace standards, followed by private sector collaboration with the federal government.

And lastly, Fanning said, arming those who will hold the bad actors accountable “with the tools necessary to defend this nation’s ability to have a safe economy, keep our citizens safe and to protect our ability to see, to listen and to defend ourselves.”

Victoria can be reached at victoria@thewellnews.com.

A+
a-

Cybersecurity

November 22, 2021
by Kate Michael
Klobuchar Weighs in on CAP’s New Report on Tech Regulation

WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms,... Read More

WASHINGTON — Sen. Amy Klobuchar, D-Minn., has been on a crusade for swift and sweeping reform of Big Tech platforms, introducing a number of bills and even publishing a book titled “Antitrust” that looks at the history of policy toward trusts and monopolies and details how... Read More

November 13, 2021
by Victoria Turner
US Cyber Attack Defenses Assessed at Forum

WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving... Read More

WASHINGTON — The U.S. is at risk of creating a two-silo cybersecurity strategy impeding its ability to adequately address ever-evolving cyber threats from bad actors overseas, a former assistant secretary of defense said Friday. Speaking at an American Enterprise Institute event, Paul Stockton, who is now... Read More

November 9, 2021
by Dan McCue
SolarWinds Sued By Shareholders Over Epic 2020 Data Breach

GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors... Read More

GEORGETOWN, Del. — Shareholders are suing software provider SolarWinds Corp. in the Delaware Court of Chancery claiming the company directors should have known of, and yet did nothing to mitigate, the risk of the massive data breach that took place in 2020. The plaintiffs, led by... Read More

October 26, 2021
by Tom Ramstack
Bigger Government Role Expected to Protect Industry From Hackers

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional... Read More

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional panel Tuesday that more government intervention is needed. On Monday, Microsoft announced that Russia-backed hackers were trying to steal information technology to disrupt the global supply... Read More

October 22, 2021
by Reece Nations
Commerce Department Tightens Export Controls on Cybersecurity Items

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More

October 14, 2021
by Victoria Turner
Cybersecurity Experts Point to More Investment Needed in Detection, Response

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday.  “The best hack is the one that doesn’t happen,” King said... Read More

News From The Well
Exit mobile version