Federal push to identify, protect critical groups from hackers gains momentum | #government | #hacking | #cyberattack


Efforts in the federal government and Congress to identify and further protect groups critical to national security from cyber threats are gaining ground amid recent destructive ransomware attacks, officials say.

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Friday that her agency has kicked off an effort to identify “primary systemically important entities” to be protected from threats, often those critical to national continuity. 

“We are prototyping a variety of different approaches in our National Risk Management Center … to try and start identifying those entities that are in fact systemically important, and we are doing it based on economic centrality, network centrality, and logical dominance in the national critical functions,” Easterly said during a virtual event hosted by the Center for Strategic and International Studies (CSIS). 

CISA’s efforts to identify organizations to further protect come as the nation continues to face a wave of ransomware attacks that have, at times, destabilized key supply chains. These have included the ransomware attack in May on Colonial Pipeline, which led to gas shortages in multiple states for over a week. 

“Ransomware, truly a scourge that is affecting all of our lives every day,” Easterly said Friday.

The new program at CISA is being explored as momentum builds on Capitol Hill to take action to guard against such attacks.

House Homeland Security Committee ranking member John KatkoJohn Michael KatkoNow is the time to take stock in our cyber defenses  New hacking efforts show Russia undeterred by US actions The 9 Republicans who voted to hold Bannon in contempt of Congress MORE (R-N.Y.) and Rep. Abigail SpanbergerAbigail Davis SpanbergerNow is the time to take stock in our cyber defenses  Anti-Trump Republicans target McCarthy, Scalise, other high-profile conservatives Vulnerable House Democrats warn not to drop drug pricing from package MORE (D-Va.) earlier this month introduced the Securing Systemically Important Critical Infrastructure Act. The bill would authorize CISA to set up a program to identify critical groups to protect, similar to what the agency is now undertaking. 

Easterly stressed Friday that while the legislation is similar, she still supported the need to sign it into law. 

“I think that signaling, that ending up in law, will be very helpful in continuing to bring the private sector to the table, because I think we are in a state now where our critical infrastructure is much more vulnerable than it should be, and frankly that’s what I worry about most every day,” Easterly said. 

Katko, speaking at the same event Friday, teased the potential for his legislation to be included in the annual National Defense Authorization Act, particularly as he is set to sit on this year’s conference committee on the defense package. 

“NDAA has become a very potent vehicle to get legislation passed that sometimes may struggle to get going on its own,” Katko said. “We are hopeful if and when it goes to conference, I’m going to be on that conference committee to make sure those bills stay in there, so yes it absolutely has become a potent ground for doing that.”

Efforts around identifying which organizations are critical have become increasingly important as Congress also considers various forms of legislation to mandate critical groups to report cyber incidents to the federal government.

In part, this is to address threats coming from countries including Russia and China, with multiple major cyberattacks over the past year linked to cyber criminals based in Russia. 

President BidenJoe BidenFormer lawmakers sign brief countering Trump’s claims of executive privilege in Jan. 6 investigation Biden appoints Sara Minkara as US special adviser on international disability rights Fox poll shows Youngkin leading McAuliffe by 8 points among likely voters MORE addressed this issue with Russian President Vladimir PutinVladimir Vladimirovich PutinIndia rejects calls for net zero carbon emissions target The Hill’s Morning Report – Presented by Facebook – Democrats have so many hurdles ahead 5 things to watch for as Biden heads to Europe MORE earlier this year during their in-person summit in Geneva, handing the Russian leader a list of 16 entities that were off limits to attack.

While Biden has taken a series of other actions against Russia for cyber activities, including levying sanctions on the country in April in retaliation for the SolarWinds hack, both Easterly and Katko advocated Friday for going further, particularly as Russian cyberattacks continue

“It has to be all instruments of national power, and we have to be able to stand behind, when we say we are going to impose costs, when we say we are going to hold actors accountable, we have to be able to have tools that can effectively do that,” Easterly said. 

Katko advocated for more sanctions in response to malicious cyber activity.

“I think that we need to do more than we’re doing at a minimum,” Katko said. “We can’t have China acting with impunity attacking our systems, and malign actors within Russia acting under the perimeter of Putin to be going unchecked, and they largely have.”

“I think that we need to not do something that is going to start World War Three, but we need to do something to make them feel the pain,” he said.





Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

fourteen + = twenty