Experts urge urgent action from White House to fix critical infrastructure cybersecurity
The Cybersecurity and Infrastructure Security Agency (CISA), the key agency inside the Department of Homeland Security responsible for helping defend critical infrastructure, is not equipped to quickly and effectively respond to cyberattacks, according to CSC 2.0, a group of experts established by Congress. In a report published on June 7, the group called for the urgent updating of government policies to protect critical infrastructure against hackers, which it characterized as woefully outdated and inadequate.
Outdated policy framework
The group pointed out the outdated nature of current policies for protecting critical infrastructure against cyberthreats, citing policy directives that date back to 2013. Policies have not kept pace with the changing threat environment, which has seen a proliferation of ransomware attacks and nation-state cyberattacks. Moreover, existing federal frameworks for protecting critical infrastructure cybersecurity are inconsistent and poorly coordinated across government agencies, creating a “complex and inconsistent web of responsibilities” that hinders effective prevention and response.
The Cyberspace Solarium Commission issued a recommendation that was subsequently signed into law in the 2021 defense bill in response to the inadequacies of the existing framework. However, the group noted that not all Sector Risk Management Agencies are up to the task. Some agencies, such as the Energy Department, have historically been effective in collaborating with the private sector; others, such as the Transportation Security Administration or the Environmental Protection Agency, have struggled due to a lack of resources.
The Colonial Pipeline ransomware attack
The report cited the 2021 Colonial Pipeline ransomware attack, which caused widespread fuel shortages across the US, as a case study of how current policies are ill-equipped to handle modern threats. The “public-private partnership” model that the government has sought to cultivate has shown its limits in responding to such incidents, the report stated. Furthermore, the federal government’s communication breakdown during the Colonial Pipeline attack highlighted the inadequacy of its response infrastructure.
Recommendations for action
The CSC 2.0 report offers recommendations for the Biden administration to consider as it rewrites key policy directives. It calls for identifying strategic changes such as prioritizing resilience, updating responsibilities for key strategy documents, and ensuring accountability through clearly defined roles and expectations. The report also recommends clarifying CISA’s roles as the national risk management agency and compelling minimum security standards and collaboration among industries. The group emphasizes that critical infrastructure sub-sectors require different levels of support and that efforts must be made to provide adequate resources accordingly.
Philosophical discussion
The CSC 2.0 report highlights the limitations of current policies and strategies in protecting against modern cybersecurity threats, which are constantly evolving and increasingly sophisticated. This underscores the need for philosophical discussion on the appropriate approach to cybersecurity. One view is that governments should take on a more interventionist role in setting cybersecurity standards and enforcing them upon critical infrastructure operators. Another view is that the private sector should take the lead in securing their assets with the government providing guidelines and support.
Editorial
The CSC 2.0 report serves as a wake-up call for the US government to update its policies and strategy to protect against the growing threat of cyberattacks on critical infrastructure. The report highlights the limitations of the current framework and identifies areas for improvement. The Biden administration must prioritize cybersecurity and allocate the necessary resources to ensure that the appropriate policies and standards are put in place to safeguard key infrastructure sectors. Additionally, the government must collaborate closely with the private sector to draw on their expertise and ensure that they are adequately prepared to defend against cyberattacks.
Advice
Organizations that operate critical infrastructure should be vigilant and proactive in protecting their assets against cyberthreats. They should assess their cybersecurity posture regularly and implement best practices such as regular software updates, multifactor authentication, encryption, and conducting regular security awareness training for employees. They should also collaborate closely with government agencies such as CISA to ensure that they are aware of any emerging threats and the latest cybersecurity guidelines.
<< photo by Will Mu >>
You might want to read !
- Introducing New PowerDrop Malware: An Emerging Threat to the U.S. Aerospace Industry
- “The Emergence of a New Type of Magecart Campaign: Insights from Latest Research”
- The Soaring Cost of Ransomware: How Social Engineering Exploits Are Doubling Breaches According to Verizon DBIR.
- Protecting Critical Infrastructure: How Choke Points Can Improve Security
- The Alarming Rise of Undetected Chinese Hackers in US and Guam Critical Infrastructure
- How the Chinese-backed APT group ‘Volt Typhoon’ infiltrated US critical infrastructure organizations
- Why Is The White House Insisting On Section 702’s Criticality Without Public Evidence?
- How Will the White House’s New AI Research Guidance Shape the Future of Technology?
- “White House Launches Bold Cyber Strategy with Focus on Digital Education Initiatives”
- How Cybersecurity Leadership Falls Short for Board Position: Research Analysis
- Are ChatGPT Hallucinations Enhancing Vulnerability to Supply-Chain Malware Attacks?
- Exploring Zoom’s Response to Privacy Concerns in Europe: New Privacy Options for Customers
