At a glance.
- Assessing progress in implementing recommendations of the US Ransomware Task Force.
- Cyber Shield connects military with private industry cybersecurity experts.
- US Representative says EPA unprepared to protect the country’s water infrastructure.
- Public-private partnership as seen from the private sector.
Assessing national progress in implementing the recommendations of the US Ransomware Task Force.
In April 2021 the US Ransomware Task Force (RTF), a collaboration of key stakeholders across industry, government, and civil society, issued its guidance on new methods the government should employ in order to counter the threat of ransomware. At the RSA Conference this week, RTF executive chairman and chief executive of think tank the Institute for Security and Technology Phillip Reiner spoke on the administration’s progress in implementing those methods. So far, the majority of the report’s recommendations have been initiated, and 25% have seen significant progress, the Wall Street Journal explains. However, Reiner noted, “there’s still a great deal of work that remains to be done on this front to really blunt the trajectory of this threat.” One area with room for improvement is the government’s planned financial support for ransomware victims. Though part of an infrastructure law passed in November, the distribution process for the funding has not yet been solidified. Michael Phillips, chief claims officer at Resilience Cyber Insurance Solutions LLC, also noted that there are information gaps when it comes to incident disclosure, which can slow incident response. Megan Stifel, chief strategy officer at the Institute for Security and Technology, said that cross-border cooperation has seen some growth, evidenced by the international summits on ransomware and several arrests of cybercriminals in the past year, but there is more to be done. Ms. Stifel explained, “I think it’s pretty fair to say that while we do as a government pay more attention and invest more resources in building capacity abroad, it is a slow process. And so that one, I think, is one that will take time to have impact.”
Cyber Shield connects military with private industry cybersecurity experts.
Each year, the US National Guard hosts an unclassified Cyber Shield training exercise aimed at helping private partners connect with citizen soldiers and airmen to help them learn more civilian-acquired skills. This year’s event kicked off earlier this week in the state of Arkansas. Major General Richard Neely told Nextgov.com, “Cyber Shield is special because it integrates at all levels of government, tech industry, law enforcement and other partners. These military cyber warriors have a significant advantage over their active duty counterparts as they bring in those unique civilian acquired skills and experiences in addition to their military cyber training.” More than eight hundred members of the US Navy and Coast Guard will gather with members of the National Guard to participate in digital training exercises, and this year’s focus will be on fighting disinformation, particularly its dissemination through social media platforms. George Battistelli, the exercise director and Deputy Chief Information Officer within the National Guard, explained, “Social media has changed the way we communicate and consume data. And that manner is important for us to continue to train our soldiers using real world events, so they're able to cut down the noise and focus on their mission.” Other focus areas include response to large-scale incidents like 2020’s Solar Winds attack, and a holistic cybersecurity approach to incidents impacting the supply chain.
US legislator says EPA unprepared to protect the country’s water infrastructure.
US Congressman Jim Langevin, a member of the House Homeland Security Committee and the Cyberspace Solarium Commission (CSC), is urging the Environmental Protection Agency (EPA) to improve the cybersecurity defenses of the country’s water sector, CyberScoop reports. Speaking last week at a water sector cybersecurity virtual event hosted by the Foundation for the Defense of Democracies (FDD), Langevin said the EPA is ill-equipped to defend the nation’s water infrastructure from attack. “Knowing what we know about the cyber threats facing the water sector, this status quo simply cannot continue.” Last November the FDD published a report proposing a “co-regulatory model” for regulating water sector cybersecurity resembling the Federal Electricity Regulatory Commission’s (FERC) partnership with cybersecurity nonprofit the North American Electric Reliability Corporation (NERC), but Mark Montgomery, former executive director of the CSC and current head of the Center on Cyber and Technology Innovation at FDD, says the EPA’s cybersecurity arm has only $7 million in its annual budget for cybersecurity, far short of the $45 million needed. An EPA spokesperson declined to comment on budget numbers, but stated, “The EPA is committed to using its available authorities and resources to strengthen cybersecurity across the water sector. Recent events have highlighted the importance of this effort and the agency is taking a multi-pronged approach in close partnership and coordination across the federal government and in collaboration with state agencies.”
Public-private partnership as seen from the private sector.
Yesterday at the RSA Conference, SolarWinds CEO Sudhakar Ramakrishna outlined a proposal for a new way in which software companies could cooperate with CISA. They might, he proposed, dedicate employees to the agency: “The only way our industry will be able to effectively respond to the evolving threat landscape is through a true partnership between the public and private sectors. Today, we are calling on the entire software industry to join us in this effort and encourage every software or technology company in the U.S. to commit one full-time employee to work under the guidance and direction of CISA to support both threat intelligence and information sharing. SolarWinds has made this commitment and my hope is other companies will join us in this endeavor.”