US Cybersecurity Defense Must Meet Adversaries’ ‘Pace and Scale’
“Make no mistake, our adversaries want to divide us to conquer us,” warned Erin Joe, section chief of the private sector office of the FBI, noting that nation-states like Russia, North Korea, Iran, and China are deploying daily cyberattacks against the US.
Opening yesterday’s CyberSatDigital conference, Joe pointed to the National Intelligence Council’s assessment published in March that Russian President Vladimir Putin’s government had conducted a series of “influenced operations” to “[denigrate] Biden’s candidacy, [undermine] public confidence” in the elections and worsen social and political divisions among U.S. citizens.
Her remarks came just half an hour before a Senate hearing on the government’s response, prevention and recovery efforts stemming from last year’s SolarWinds cyberattack attributed to Russian’s foreign intelligence service. It just so happens that the largest cyberattack against U.S. infrastructure was also announced last week, where Russian hacking group DarkSide targeted the Colonial Pipeline, which provides fuel to more than half of the east coast, using ransomware – that is, malicious software that holds systems hostage until a ransom is paid. Nowadays, Joe added, cybercriminals don’t even need to know how to create the ransomware, they can just purchase it on the dark web.
The continuous pace of these prolific attacks, the quick evolution of creative ways in which bad actors target the US government, its private sector and subsequently its people, took the stage at Tuesday’s hearing, particularly how the U.S. government lags behind its adversaries in cyberdefense investment, cyber workforce, and development of defenses to address ever-growing cybersecurity concerns.
One thing is certain, the country must “rethink” its “cyberwarfare” approach, said Sen. Gary Peters, D-Mich., chairman of the Senate Committee on Homeland Security and Government Affairs. Ranking Member Sen. Rob Portman, R-Ohio, added that the lawmakers are now grappling with what America´s cybersecurity quarterback, the Department of Homeland Security’s Cybersecurity and Information Security Agency, needs as lawmakers draft legislation to bolster cyberdefense. It is likely, he added, that ransomware attacks are also targeting other critical infrastructure aside from the pipeline.
Echoing Peters in the reassessment of the cybersecurity approach, CISA Acting Director Brandon Wales said that the nation’s “response toolkit” needs “sustained investment” to keep “pace and scale” with the “increasingly broad” cyberthreats.
The funding would allow CISA to help local and state governments as well as private sector players, which don’t have the resources and scale to tackle these threats by deploying sensors and technology at problem sites.
The government also needs, said Wales, to “move to more secure and defensible architecture” that implements “zero-trust” – by assuming hardware or software technology cannot be trusted – as the “baseline standard for network design and configuration” across all federal systems. Key goals for the funding are increasing the government’s cybersecurity personnel, ensuring the best “cyber hygiene” practices and modernizing the infrastructure, but Wales cautioned that these all need to be advancing in tandem.
“You want to make sure your technology, your people and your processes are being modernized together, because if any one of those lag behind, you’re going to introduce weaknesses into your overall information security programs,” Wales explained. Through the 2021 National Defense Authorization Act, the agency created its Joint Cyber Planning Office for operational collaboration throughout federal agencies, which will seek to unify “cyber incident planning.”
“The cyberattacks are going to keep coming,” said Portman. The recent pipeline attacks demonstrate the “tangible real-world consequences” of such intrusions and the “demonstrable” economic and national security impact they can have. And the federal agencies, he added, need to be “empowered, resourced and held accountable for what happens at those agencies.”
In The News
Presidents Joe Biden and Vladimir Putin of Russia spent more than three hours discussing issues Wednesday at their summit in Geneva. They ticked through their respective lists so quickly and in such "excruciating detail," Biden says, that they looked at each other and thought, "OK, what... Read More
GENEVA (AP) — With stern expressions and polite words before the cameras, President Joe Biden and Russia's Vladimir Putin plunged into hours of face-to-face talks Wednesday at a lush lakeside Swiss mansion, a highly anticipated summit at a time when both leaders agree that relations between... Read More
CAPE TOWN, South Africa (AP) — U.S. plans to donate 500 million more COVID-19 vaccines to developing countries were met Thursday with both celebration and hesitation amid questions over whether the effort will be enough to help poor regions desperate for doses. Some health officials and... Read More
WASHINGTON — The Defense Department may seek authorization to carry out airstrikes if the capital of Kabul or any other major city in Afghanistan is in danger of falling to the Taliban after the U.S. completes the withdrawal of its troops from the country in early... Read More
The White House announced Thursday that the United States will purchase and donate half a billion Pfizer vaccines to 92 low- and lower middle-income countries and the African Union, a historic action intended to supercharge the global fight against the pandemic. In a statement, the White... Read More
WASHINGTON (AP) — The Senate overwhelmingly approved a bill Tuesday that aims to boost U.S. semiconductor production and the development of artificial intelligence and other technology in the face of growing international competition, most notably from China. The 68-32 vote for the bill demonstrates how confronting... Read More