Inside America’s never-ending plan to overcome cybersecurity failures


Glenn Gerstell, general counsel at the National Security Agency through 2020, said: “The good news is that we really know how to deal with these issues. It can be expensive and difficult but we know how to do it. This is not a matter of technology.”

Another major recent cyberattack proves the point once again: SolarWinds, a Russian hacking campaign against the US government and major companies, could have been disabled if the victims had followed well-known network security standards.

“There is a tendency to overstate the ability of hackers to be responsible for major cyber security incidents, practically to the extent of a natural disaster or other so-called godly acts,” Wyden said. “That conveniently puts the hacked organizations, their leaders, and government agencies accountable for all of that. But once the facts come out, the public has repeatedly found that hackers often get their initial footing due to the organization’s failure to update patches or correctly configure their firewalls.”

It is clear to the White House that many businesses do not and will not invest enough in their own cybersecurity. Over the past six months, the administration has issued new cybersecurity rules for banks, pipelines, rail systems, airlines and airports. Biden signed a cybersecurity executive order last year to strengthen federal cybersecurity and impose security standards on any company that sells to the government. Changing the private sector has always been a more challenging and arguably more important task. Much of the critical infrastructure and technology systems are in the private sector.

Most of the new rules meet very basic requirements and minimal government intervention — yet they still receive feedback from companies. Even so, it’s clear that more is coming.

“There are three main things that are needed to remedy the unfortunate ongoing state of U.S. cybersecurity,” Wyden said. “Mandatory minimum cybersecurity standards enforced by regulatory agencies; mandatory cybersecurity audits, conducted by independent auditors who are not selected by the companies they are auditing, with the results delegated to regulatory authorities; and high fines, including prison sentences for senior executives, when failure to perform basic cyber hygiene resulted in violations.”

The new mandatory incident reporting rule, which became law on Tuesday, is seen as a first step. The law requires private companies to quickly share threat information that they once kept secret, even though that precise information can often help build a stronger collective defense.

Previous attempts at regulation have failed, but the latest push for the reporting law has been a success thanks to key support from corporate giants like Mandiant CEO Kevin Mandia and Microsoft president Brad Smith. It is a sign that private sector leaders now see regulation as inevitable and beneficial in key areas.

Inglis stressed that the development and enforcement of the new rules will require close cooperation at every step between the government and private companies. And even from within the private sector, there is consensus that change is needed.

“We’ve been trying to be completely voluntary for a long time,” said Michael Daniel, head of the Cyber Threat Coalition, a collection of technology companies that share cyber threat intelligence. “It’s not going as fast or as good as we should have.”

The view from across the Atlantic

From the White House, Inglis argued that the United States had fallen behind its allies. He pointed to the UK’s National Cyber Security Center (NCSC) as a government cybersecurity pioneer that the US needs to learn from. Ciaran Martin, the founding CEO of the NCSC, views the American approach to cyberspace with perplexed surprise.

“If a British energy company did to the British government what Colonial did to the US government, we would tear them down with words at the highest level,” he said. “I’ve had the prime minister call the president to say, ‘What the hell do you think is paying the ransom and shutting down this pipeline without telling us?'”


