Now is the time to take stock in our cyber defenses
While October is traditionally designated “Cybersecurity Awareness Month,” the amplified cyber threats we now constantly face necessitate discussion of the importance of cyber hygiene and cybersecurity defenses beyond just one month out of the year.
Cyberattacks are now the pre-eminent threat to our national security and way of life. Corporations, along with state and local governments, must recognize this, assume they are going to be the next victim, and prepare accordingly. If nothing else, attacks just this year, ranging from Colonial Pipeline to JBS, Kaseya, and countless others, remind us that no one is immune from the threats posed by cyber adversaries. Americans felt the real-world impact when they lined up at fuel stations only to be met with “no gas” signs. These attacks are no longer so distant from the daily lives of Americans.
Our cyber adversaries are only getting more sophisticated, and the far-reaching impacts are only intensifying as interdependencies between lifeline sectors increase. Adversaries like China and Russia use cyber strength as a means of national power and continue to provide safe havens for bad actors. Foreign adversaries and bad actors will only be stopped when met with strength.
Applying sanctions, forcefully calling out authoritarian nation-state-led cyberattacks, and working to bolster the Cybersecurity and Infrastructure Security Agency’s (CISA) capabilities are critical first steps towards strengthening and securing our cybersecurity posture in the wake of unprecedented cyber espionage campaigns, like SolarWinds. We must continue the full-court press to ensure bad actors feel stiff consequences for their actions.
We are grateful to have such strong leadership at the helm of CISA. With a wealth of federal and private sector experience, we are confident Jen Easterly has the talent and team to address our nation’s most pressing issues in cyberspace.
However, to combat the growing threat of ransomware attacks, it is vital that U.S. companies, especially those that control critical infrastructure, harden their networks to effectively disrupt the ransomware business model. A key component of finally gaining the upper hand on the ransomware pandemic once and for all will be leveraging the vital resources of CISA.
Every organization across the country, whether a school system, hospital, small business, or local government entity, should be preparing as if they will be the next victim. CISA offers a number of free services, assessments, and educational materials for stakeholders of all sizes to raise their level of cyber preparedness. These services provide safeguards which undeniably bolster an organization’s cybersecurity posture, while preventing and mitigating the plague of ransomware attacks. A full list and description of all the services provided by CISA can be accessed at CISA.gov.
Furthermore, to combat the growing threat, we must recognize that many of our 16 critical infrastructure sectors are underpinned by increasingly vulnerable hardware and software. As laid out in our five-pillar plan to combat ransomware, CISA cannot do this job without increased visibility across the critical infrastructure networks. We need a well-understood, stakeholder-driven process for identifying systemically important critical infrastructure (SICI) entities, and providing prioritized cybersecurity services for those assets. Because if everything is critical, nothing is critical.
Earlier this month, with our colleague Rep. Abigail Spanberger (D-Va.), we introduced bipartisan legislation that would establish a transparent process for designating SICI and direct CISA to prioritize meaningful benefits to SICI owners and operators without any additional burden.
The SICI designation will include the most important critical infrastructure entities — ranging from pipelines to software providers — where disruption could have an outsized impact on our national or economic security. These entities naturally should have a deeper level of cyber risk management integration with the federal government.
It is clear there is simply no time to waste on this important effort. That’s why we’ve been encouraging our majority counterparts on the committee to move this piece of legislation as quickly as possible. As nation-state actors continue to act with impunity and disrupt our critical infrastructure, time is of the essence. In 2020, we witnessed one of the worst years on record for ransomware attacks, and the problem has only accelerated through the first half of 2021. We must act now to mitigate this threat.
Many cyberattacks are easily preventable. It simply requires a level of vigilance that can be reached through the numerous free resources provided by CISA. As we increase awareness about the importance of cybersecurity across our nation, we encourage you to take some time this month to evaluate your cybersecurity posture and join the fight to secure our nation’s networks against the numerous bad actors looking to do us harm.
Rep. John Katko (R-N.Y.) is the top Republican on the House Committee on Homeland Security. Rep. Andrew Garbarino (R-N.Y.) is the top Republican on the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation.