Cybersecurity Needs Beefing Up Says Biden
The East Coast is breathing a sigh of relief, as the Colonial Pipeline is restarting its operations. However, the company said it could take days for deliveries to return to normal. Bloomberg has reported that Colonial paid nearly $5 million in ransom to DarkSide, the Eastern European hackers who breached its cybersecurity.
Meanwhile, gas fever continued from Texas to New Jersey as drivers queued up in long lines to obtain precious fuel.
In Washington, DC, members of the Biden administration took the wakeup call, among them Transportation Secretary Pete Buttigieg, who wants to secure our infrastructure.
“We need to make sure our infrastructure is resilient to climate security issues caused by the increased frequency and severity of weather events. But we also need to be sure that we are resilient in the face of cyberthreats.”
Notice how Buttigieg first addresses weather issues, then threats from bad foreign actors. I’ve never heard of a hurricane shutting down a grid and demanding ransom, but you know the administration’s obsession with climate change.
Plus, on Wednesday President Biden signed an executive order to place new cybersecurity standards on software purchased by the federal government. Software developers who violate these new standards would be removed from federal procurement lists. This could also harm their chances of marketing on the commercial market.
It’s about time. Over the past year there have been about 2400 cyberattacks on corporate, local, and federal offices. And, as in the Colonial Pipeline event, hackers have demanded ransom.
Just as shocking is the fact that 85% of critical infrastructure is owned by private companies. There’s nothing wrong with private companies, of course. But there aren’t many regulations to guide them on how to protect their networks. On top of that, most ransomware attacks come from hostile overseas nations, like Russia, which also protect the criminals. And when an attack occurs, bureaucratic inefficiencies hamper defensive action.
First, the National Security Agency tries to collect intelligence, and then the FBI investigates. The Department of Homeland Security then tries to protect government computers. It’s rather like closing the barn door long after the horse runs away.
In fact, after the Colonial Pipeline attack, Sen. Rob Portman (R-OH) expressed his shock at these complications.
“Right now we are waiting for additional technical information on exactly what happened at Colonial so that we can use that information to potentially protect other potential victims down the road.”
“At our last hearing, I asked the witnesses which agency is in charge of federal cybersecurity. The witnesses were unable to give an answer, which is troubling.”
Former NSA general counsel Glenn Gerstell says this:
“No one would ever think the private sector is responsible for defending itself against North Korean missiles. And yet the private sector is expected to defend itself against foreign cyber maliciousness.”
What’s even more troubling is the substandard way in which companies maintain their security.
In February I had the privilege of hearing Professor Jonathan Lanning, a cybersecurity expert, speak at a seminar. Lanning, a former Air Force officer who served as Lead Defensive Cyberspace Operations planner, now teaches cybersecurity at Friends University in Wichita, KS.
Lanning told our group that too many companies do not use top-notch employees to manage their security systems. Rather than employing professionals specifically trained in cybersecurity, they rely on people from their IT departments, many of whom are “lazy coders,” as he put it. The cost of such laxness? Lanning said that 60% of companies that get attacked with ransomware go under within six months.
No wonder there have been 2400 cyberattacks over the past year.
The Friends University cybersecurity program uses a virtual training lab that replicates the internet in real time, giving students hands-on experience. This training goes well beyond the pejorative “learn to code.” However, the bad news is that there are only two other universities in the US which provide this kind of experience.
President Biden seems to understand the need for training future cybersecurity experts.
Biden on the gas crisis: “I think we have to make a greater investment in education as it relates to be able to train and graduate more people proficient in cyber security.”
— Tom Elliott (@tomselliott) May 12, 2021
Well, maybe that’s what he says now. But don’t count on the sentiment continuing. Instead of focusing on training the best and brightest, Biden’s Department of Education is currently looking to infuse Critical Race Theory into the Elementary and Secondary Education Act. And while school boards control local schools, the feds will be there to hand out cash to school districts as an incentive to adopt this pernicious teaching. Money walks, cash talks, as the saying goes.
The time has come to abandon toxic CRT and its cousin forced diversity. As Glenn Gerstell said, “For well over two centuries, America has responded to foreign threats where they resided — overseas.” The threats, however, are now at our shores, coming from predator hackers who sniff out weakness in their prey. They see in Joe Biden a frail and inept president. They see the United States as fractured over politics and race. The Colonial Pipeline incident should serve as a wakeup call to harden our cybersecurity. First, we need a streamlined system of defense. Then, we need to employ the brightest and best-trained Americans to provide a cyber protection every bit as imposing as our military. After all, cybersecurity is now just as imperative to the safety of the nation.