Connect with us

Hi, what are you looking for?

Cyber Security

Lawmakers suggest ‘radical transparency’ as key to shoring up US cyber posture

The lessons of Ukraine argue for increased openness about public and private sector cyber attacks, two congressmen said on Monday.

A bipartisan pair of lawmakers Monday suggested the model Ukraine is employing to combat Russian hacking may be useful for U.S. industry and government agencies if laid out properly.

“Ukrainians are effectively combating hacking and other cyber attacks by the Russians by basically doing two things: radical transparency about the attacks that are happening in the private sector, in the public sector, and everywhere; and then radical sharing to make sure that everybody can learn from the attacks that are going on,” Rep. Raja Krishnamoorthi, D-Ill., said in a panel discussion hosted by IT management firm SolarWinds at the Rayburn House Office Building.

“And when you share, you usually get information in return as well,” added Krishnamoorthi, who sits on the House Permanent Select Committee on Intelligence.

Rep. Darrell Issa, R-Calif., who sits on the House Foreign Affairs Committee, said lessons learned since Russia invaded Ukraine nearly 16 months ago suggest more information sharing among industry-leading companies and federal agencies leads to better cyber outcomes.

“What we’ve learned in Ukraine has to become an American imperative, which is that there can’t be defense secrets that we keep because we don’t want [adversaries] to know that we know,” Issa said. “At this point, we’re past that.”

Issa said increased engagement with leading cellular communications providers as well as IT infrastructure and cloud computing firms would be a necessity for any nationwide cybersecurity solution. Issa singled out China as America’s greatest cybersecurity adversary, and both he and Krishnamoorthi said about 67% of all attacks on U.S. systems originate in China.

“We can’t do it unless we have an America-wide solution — one that points to China but doesn’t exclude the rest of the world,” Issa said.

The congressman’s remarks come three months after the Biden administration released its national cybersecurity strategy, which in large part seeks to shift cybersecurity accountability from users and small organizations to large tech companies. The Cybersecurity and Infrastructure Security Agency, or CISA, will play a key role in executing the strategy across the federal landscape in two ways, according to Eric Goldstein, the agency’s executive assistant director for cybersecurity.

“The first is moving to persistent collaboration at the speed of the adversary,” Goldstein said. “And what that means is that we need a model where the government, with our industry and …our international partners, are seamlessly and frictionlessly working together, day in and day out, to combat the threats that we’re seeing today, and getting ahead of the ones that we’re seeing.”

Adversaries will work to exploit “any gaps or weaknesses in that collaborative framework,” Goldstein said, which necessitates that companies across sectors, along with the NSA, FBI, U.S. Cyber Command, the Homeland Security Department and international partners “work together” lest the weakest link breaks the cybersecurity chain.

The second shift called for in the national cyber strategy is the shift in burden. Small organizations — like a school district or water utility company — can’t be expected to protect themselves against highly resourced adversaries like the Chinese Communist Party, Goldstein said.

“And so we need the government to do more. And we need those tech providers with the scale and maturity and the competence to do more as well,” Goldstein said. “If we can move to a model where the tech we are using is safe by design and default, and we’re collaborating across partners at speed and at scale, that’s how we stay ahead of the threat, the magnitude of which we’re facing.”

Sudhakar Ramakrishna, SolarWinds President and CEO, said that sort of “secure by design, secure by default” end state has been a framework for his company since his tenure began in January 2021 — one month after Russian hackers injected malware into its Orion products, breaching 9 federal agencies and dozens of companies.

“You don’t think about the airbag in a car after the car is manufactured,” he said. “You think about that — and the safety of it — as you’re designing. The software [providers] and industry need to think about security like quality. You want the customer to get a great quality experience, and therefore a great security experience as well.”

Advertisement. Scroll to continue reading.

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.nextgov.com/cybersecurity/2023/06/lawmakers-suggest-radical-transparency-key-shoring-us-cyber-posture/387492/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Cyber Security

The nation’s cyber defense agency is building onto White House efforts to secure schools’ systems nationwide with the help of major education software companies....

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO