
White House, Congress Aligned on Cybersecurity Goals

June 16, 2021 by Victoria Turner
Rep. Yvette Clarke, D-N.Y

WASHINGTON – As Congress edges closer to putting a final infrastructure bill on President Joe Biden’s desk, it looks like lawmakers and the White House are aligned in their commitment to bolster U.S. cybersecurity through increased federal investment, focusing on prevention and utilizing public-private partnerships to establish baseline standards.

With the pandemic strong-arming both public and private sectors to “shift operations online,” the global health crisis has “exponentially expanded the surface area for cyberattacks,” said Rep. Yvette Clarke, D-N.Y., yesterday during an Information Technology Industry Council event on “Securing the Information and Communications Technology and Services Supply Chain.”

The continuous cyberattacks on essential companies like SolarWinds, Microsoft Exchange and Colonial Pipeline have “blurred” the lines between cybersecurity and the security of physical assets, Clarke said. The first steps of defense begin with “effective information sharing between government and the private sector” to prevent the attacks from even happening, she urged, as these partnerships will “bring valuable industry perspectives.” 

Brian Scott, director of critical infrastructure cybersecurity at the White House National Security Council, added that industry engagement has been a core element of Biden’s Executive Orders on cybersecurity. The ongoing engagement with stakeholders has resulted in the Department of Commerce’s expected direct investment of $75 billion for the private sector in domestic semiconductor manufacturing, and can be seen within Biden’s cybersecurity Executive Order 14028 on “Improving the Nation’s Cybersecurity,” which essentially calls for the federal government to partner with companies in its first paragraph.

Scott noted that the National Institute of Standards and Technology has been directed to consult with the private sector to come up with “specific guidance, identifying practices, standards, procedure and criteria of the software supply chain” and for software development by February 2022. 

Behind drafting the order was the “need to shift our thinking from response to prevention,” he said.

Section 4 of the order, which Scott emphasized, focused heavily on the threat in the software supply chain. It aims to “improve the security of software by establishing baseline security standards for the development of software sold to the government,” Scott said, by requiring transparency by developers and applying a “change throughout the ecosystem” from the bottom up – building security into the product itself.  

And software is another area that needs industry collaboration, as “[the order] stands up a concurrent public-private process to develop new and innovative approaches to secure software development and it uses the power of federal procurement to incentivize the market,” Scott said. 

“By next March, [the Office of Management and Budget] will take action to mandate agencies to use software conforming to this guidance,” he said, referring to the guidance NIST has been directed to issue after it defines what is critical infrastructure. NIST will then work with the nation’s cyber quarterback, the Cybersecurity and Infrastructure Security Agency, to “provide use and configuration guidance to [federal] agencies.” NIST also has 270 days to establish two pilot programs for product labeling of Internet-of-Things devices and software development to inform the public on security measures, he added.

Executive Order 140147, which preceded the latest cybersecurity order and was a “whole-of-government approach” to review the U.S. supply chains, revealed an issue that Scott said was already well-known: a shortage of the semiconductor chips that run just about everything from smartphones to televisions.

“Once a global leader in semiconductor production with robust public support, the U.S. has outsourced and offshored too much semiconductor manufacturing in the recent decades,” Scott charged. In the last 20 years, he explained, the U.S. went from manufacturing 37% of the world’s semiconductors to 12%.

Both Scott and Clarke said robust investment in bolstering domestic manufacturing of semiconductors and research and development is needed quickly. Executive Order 14028, Scott said, backs the administration’s efforts to “build back better to modernize defenses, return to the international stage on cyber issues with allies and partners, and be better postured to lead and compete globally.” 

Thus, Biden’s American Rescue Plan, his American Jobs Plan and increased investment are “three critical investments” necessary in “the wake of the [cyberattacks],” Clarke urged, noting this was a bipartisan imperative on the Hill that she is prepared to lead.

This is a “once in a generation investment” that will “create jobs, rebuild our critical infrastructure” and allow the U.S. to be a global competitor again, Clarke continued. But it will come down to ensuring the U.S. is also building up the workforce it needs to be able to perform these jobs. 

“The emerging landscape for warfare…is all cyber,” Clarke charged, and “the sooner that we embrace that understanding, the sooner we stand up a robust defense” with mitigation and detection strategies. 
