The United States may soon look to regulate private companies, mandating higher standards for cybersecurity following a series of damaging hacks and ransomware attacks against key firms and critical infrastructure.U.S. President Joe Biden’s nominees to fill two top cyber roles in his administration warned Thursday that malign actors are currently operating with impunity and that too many private sector organizations have, so far, failed to take the necessary precautions.FILE – In this June 8, 2013 photo, Chris Inglis, then deputy director of the National Security Agency testifies on Capitol Hill. Inglis is being nominated as the government’s first national cyber director at the Department of Homeland Security.”Enlightened self-interest, that’s apparently not working,” Chris Inglis, tapped to be the country’s first national cyber director, told members of the Senate Homeland Security and Governmental Affairs Committee. “Market forces, that’s apparently not working.””When they’re conducting critical activities upon which the nation’s interests depend, it may well be we need to step in and we need to regulate or mandate in the same way we’ve done that for the aviation industry or the automobile industry,” he added.Jen Easterly, nominated to head up the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, agreed.”As a nation, we remain at great risk of a catastrophic cyberattack,” she said. “It seems to me that voluntary standards are probably not getting the job done and that there is probably some sort of role for making some of these standards mandatory, to include notification.”The question of how best to take on a range of cyberthreats, from state-sponsored hackers to ransomware networks, has been thrust into the spotlight following a series of high-profile attacks in recent months, starting with discovery of the hack of SolarWinds, a Texas-based software management company, last December.That breach, described by U.S. intelligence agencies as a Russian espionage operation, exposed as many as 18,000 A JBS meatpacking plant is seen in Plainwell, Michigan, June 2, 2021.More recently, ransomware networks forced Sen. Mark Warner, D-Va., the Senate Intelligence Committee chairman, pauses to speak with reporters at the Capitol in Washington, June 10, 2021.”Congress needs to act,” Mark Warner, the Democrat who chairs the Senate Intelligence Committee, told Axios Thursday at a virtual event, when asked about the recent attacks.”The Biden administration has moved aggressively, but they can only do a certain amount of things,” Warner said. “We need to put this mandatory reporting bill in place.”Last month, Biden signed an executive order that requires internet service providers to share certain information about breaches into their networks, mandates higher standards for software development, and creates a playbook for how government agencies should respond to a breach.On Thursday, Inglis told lawmakers that the recent series of high-profile hacks and ransomware attacks “signal the urgent need to secure our national critical infrastructure” and that if confirmed as national cyber director, he would work to strengthen not just the technology but the people using the technology, as well.”What we need to do is make these systems defensible — they’ll never be secure,” Inglis said. “We need to then defend them … such that we can change the decision calculus of adversaries.”Every one of us needs to learn how to cross the cyber street in the same way we learned to cross a physical street when we were young,” he added.
…