The last 12 months have been a parade year in terms of the severity of the cyberattacks that have devastated businesses both large and small.
But in the wake of the chaos, Capitol Hill has shown an unprecedented level of bipartisan support and genuine interest in strengthening the country’s cybersecurity.
“Everyone was aware of cybersecurity threats, from ransomware attacks to other various types of cyber intrusion,” said Rep. Jim LangevinJames (Jim) R. LangevinFederal agencies need to close hundreds of security holes Legislators praised the imminent establishment of a cyber office at State Federal first aid workers deserve the retirement we promised them MORE (DR.I.), chairman of the House Armed Services cybersecurity subcommittee, told The Hill earlier this month. “We are now more aware, more members are paying attention than ever before.
The changes come after one of the bloodiest years in cyberspace history, with a spate of high-profile and highly damaging attacks occurring in rapid succession.
These included ransomware attacks on Colonial Pipeline, meat producer JBS USA, IT company Kaseya and, during the year, numerous schools and hospitals that were already under pressure from the changes caused by the COVID-19 pandemic.
Incidents also included nation-state-backed efforts such as the SolarWinds hack, which allowed Russian hackers to compromise at least nine federal agencies, and Microsoft Exchange Server vulnerabilities, the exploited affected by Chinese hackers and potentially thousands of groups.
“It doesn’t seem like a week goes by without a major new cyber problem, so it’s getting more attention and more willingness to do something about it,” said Langevin.
The increasing number of attacks has drawn Congress’ attention and interest to an extent not seen before 2021.
“I can feel the eagerness among my colleagues to get involved in this topic and the eagerness to define or introduce laws that may not be the big lot, but can be a point on the board,” said Rep. Mike GallagherMichael (Mike) John GallagherHuman rights groups sound the alarm over Interpol election China denies testing a missile, says it is a spacecraft Biden continues to slide back into the failed China policy MORE (R-Wis.), Co-chair of the Cyberspace Solarium Commission, told reporters on Wednesday.
The May attack on the Colonial Pipeline that paralyzed fuel supplies in several states for a week before the company decided to the hackers pay the equivalent of roughly $ 4.4 million in Bitcoin to regain access to systems was an important wake-up call.
While cyberattacks previously often did more damage, the Colonial Pipeline incident marked the first time many Americans fully understood the damage that dismantling a critical system can do, a matter of concern and attention at all levels of government.
Efforts to address the hack included House and Senate hearings that were attended by the company’s CEO grilled from members on both sides of the aisle to the incident, and the House Oversight and Reform Committee finally concluded that “small mistakes” in security led to the breach of Colonial and other incidents.
“Colonial Pipeline was a real game changer and opened the eyes of many members who may not have previously focused on cyber,” said Langevin.
The attack spurred efforts to establish mandatory standards for reporting cyber incidents, especially after the Solarwinds breach, which was first discovered when cybersecurity firm FireEye publicly announced that it had been compromised when it was not required.
Efforts to pass a law that would give owners and operators of critical infrastructure a set time to report a serious incident to the federal government and to report whether hackers get paid after a ransomware attack has been going on at the Capitol all year round Hill gained momentum.
The bipartisan leaders of the House and Senate Homeland Security Committee and Senate Intelligence Committee came to an agreement on the language that should be passed as part of the annual National Defense Authorization Act, however drawn after last minute objections from Senator Rick Scott (R-Fla.).
Given the bipartisan consensus on the need to take further steps to defend the nation against cyber threats, the action is likely to be a speed bump rather than a roadblock.
“I feel like we were very close, and it’s clearly one of the most important unfinished business we should be able to get off of in the beginning of the new year, that’s my intention,” said Sen. Angus KingAngus KingDemocrats prepare for a filibuster and voting rights showdown The Republican Senator texted Joe Manchin about joining the GOP Senate expert informs Democrats about possible rule changes MORE (I-Maine), the other co-chair of the Cyberspace Solarium Commission, told reporters on Wednesday.
Congress wasn’t the only one to pay more attention to cybersecurity in a turbulent year.
The Biden government has given the issue top priority, including through the nomination and eventual Senate approval of both former National Security Agency Deputy Director Chris Inglis as national cyber director, and Jen Easterly, who is responsible for cybersecurity and infrastructure Security Agency (CISA) directs. Under the leadership of these officials, the administration, along with Anne Neuberger, Deputy National Security Advisor on Cyber and New Technologies, has improved the ability to respond to cyber crises.
“I’ve never felt more trusting between industry and government,” said Bill Wright, senior director of government affairs for software company Splunk, to The Hill earlier this month. “I think that’s a big plus, and the current government deserves a lot of credit for its nationwide approach to cyber.”
The coordination between the federal government and the private sector has been fully visible in recent weeks as security experts attempted to create patches against a widespread vulnerability in the Apache logging library log4j, which is built into the systems of the majority of global organizations. In addition, experts are closely monitoring potential Russian cyberattacks on Ukraine while Russian troops are gathering at the Ukrainian border.
“I just think world events are going to require members of Congress to pay more attention to these issues,” Gallagher told reporters.
With cyber threats remaining a concern both domestically and internationally, there is yet another year ahead for both Congress and the Biden government with cyber threats unlikely to abate, but the next 12 months with far more understanding and Face coordination than a year ago.
“[The year] 2021 was a series of belly blows, ”noted Wright. “I think taken together they will all have an absolutely permanent impact on how the government defends itself.”
#Congress #turns #cybersecurity #year #attacks