At a glance.
- US Homeland Security hearing focuses on cybersecurity.
- Advisory panel warns Congress of Beijing’s cyber prowess.
US Homeland Security hearing focuses on cybersecurity.
US Homeland Security Secretary Alejandro Mayorkas, along with Federal Bureau of Investigation Director Christopher Wray and National Counterterrorism Center Director Christine Abizaid, testified yesterday before the US House Homeland Security Committee hearing on global threats to national security, the Hill reports. When asked about his vision for the Cybersecurity and Infrastructure Security Agency (CISA) as hostile nations increasingly target American critical infrastructure, Mayorkas said his agency is dedicated to strengthening its collaboration with the private sector and with foreign allies. “The public-private partnership, the international relationships, the sharing of information is so vital, and that is really where we are headed,” Mayorkas stated.
The fiscal 2021 National Defense Authorization Act (NDAA) directed the Biden administration to create a new plan for keeping the US economy operational in the case of a major critical infrastructure attack, and the deadline for this plan is fast approaching. During the hearing, FCW notes, Republican lawmakers probed Biden officials for details on their strategy. Representative Andrew Garbarino of New York stated, “We’re now a little bit over a month before the deadline and we have yet to receive any information on where CISA or the department is on the Continuation of the Economy plan. The development of the Continuation of the Economy plan is a national security imperative for the safety, security and prosperity of the U.S. economy.” Mayorkas declined to give a definitive answer, instead replying that he would follow up “very quickly.”
As SC Media adds, Mayorkas also told lawmakers that CISA is working to fully implement cyber incident reporting rules, passed earlier this year, that require infrastructure entities to inform the government about cyberattacks. There’s a two-year window for finalizing those regulations, but Representative Yvette Clarke of New York, one of the authors of the bill, said she hopes implementation will happen more quickly. “My hope is that swift implementation will yield important security benefits, eliminate duplicative reporting frameworks and encourage harmonization across the interagency,” said Clarke.
Referencing a letter written by President Biden that noted gaps in statutory regulations for the nation’s critical infrastructure, Representative Jim Langevin of Rhode Island asked Mayorkas, “What gaps should we be looking to fill related to improving the cybersecurity of critical infrastructure?” Instead of directly answering, Nextgov.com reports that Mayorkas referenced actions already taken by the Transportation and Security Administration and the Cybersecurity and Infrastructure Security Agency. FBI Director Christopher Wray took the opportunity to highlight the importance of the private sector’s role in securing critical infrastructure, stating, “The private sector partnership is the critical ingredient to defending critical infrastructure in this country. And I think we've made very significant progress. There's also a lot more work to be done, but we're very much on the right path in my view.”
Advisory panel warns Congress of Beijing’s cyber prowess.
The US-China Economic and Security Review Commission yesterday released its 2022 Annual Report to Congress, an assessment of threats to the US economy and national security. Beijing’s cyber warfare and espionage capabilities were a major focus, and the panel warns that China’s strategy of maximizing its cyber powers “poses a formidable threat to the United States in cyberspace today.” As Nextgov.com explains, the report highlights Chinese espionage operations, which are “increasingly sophisticated and use advanced tactics” and often leverage “vulnerability exploitation and third-party compromise to infiltrate victims’ networks.” In its recommendations, the commission urged Congress to pass legislation codifying “systemically important critical infrastructure,” and also require designated “entities, defense contractors and recipients of federal funding for research and development of sensitive and emerging technologies to undertake enhanced hardening and mitigation efforts against cyberattacks.” The report also recommended that the Department of Homeland Security create a catalog of Chinese-sourced surveillance equipment used by state and local governments so it can be replaced with more secure options.