U.S. Launches Cyber ‘Sprints’ in the Wake of Nation-State Hacks
(Bloomberg) -- The U.S. Department of Homeland Security is undertaking a series of “sprints” to enhance American cybersecurity in the wake of major attacks.
“I am announcing today a series of 60-day sprints, each focused on the most important and most urgent priorities needed to achieve our goals,” DHS Secretary Alejandro Mayorkas said at a virtual event on Wednesday. The initiatives will focus on fighting ransomware, improving the resilience of industrial control systems, protecting transportation and election security and furthering international capacity building.
Mayorkas’s remarks laid out the department’s cyber strategy for the Biden administration’s first year. President Joe Biden took office the month after the disclosure of a sprawling cyber-attack by suspected Russian hackers, who compromised popular software from SolarWinds Corp. to hack into nine government agencies and approximately 100 private sector companies.
“Our government got hacked last year, and we didn’t know about it for months,” Mayorkas said of the attack. “This incident is one of many that underscores the need for the federal government to modernize cybersecurity defenses and deepen our partnerships.”
In addition to its ongoing remediation of the SolarWinds attack, the Biden administration is responding to other digital incidents.
Microsoft Corp. revealed in March that suspected Chinese hackers had exploited vulnerabilities in its email software, which cybersecurity experts say compromised tens of thousands of entities. In February, a hacker breached computer networks at a Florida water treatment plant and briefly boosted the level of a toxic chemical -- an incident Mayorkas called a “powerful reminder of the substantial risks we need to address.”
Beyond the 60-day sprint priorities, Mayorkas also described series of issues that will hold his “sustained personal attention.” These include securing the digital supply chain, ensuring democracy-related infrastructure remains resilient, and planning for future endeavors such as the adoption of new encryption algorithms as quantum computing advances.
Mayorkas also placed cybersecurity and the work of DHS’ Cybersecurity and Infrastructure Security Agency in the context of global democracy.
“Far too often cybersecurity is used as a pretext to infringe on civil liberties and human rights,” he said. “A free and secure cyberspace is possible and we will champion this vision with our words and our actions.”
Funding ‘Down Payment’
It could take years for the department to fully implement Mayorkas’s vision, he said. The $650 million Congress set aside for CISA in a stimulus package enacted earlier this month is a “down payment” on the work the agency has in store, he added.
CISA -- which Mayorkas characterized as the “most trusted interlocutor” between government and the private sector -- will launch an awareness campaign for the private sector about the agency’s capabilities, and a grant program for critical industries to take advantage of its services, he said.
Lawmakers are keen to ensure CISA has the tools it needs. Congressman Jim Langevin, a Rhode Island Democrat and member of the Cyberspace Solarium Commission, vowed in a press release after Mayorkas’s remarks to get CISA a “robust allocation of the national defense budget function funding.”
“Congress must follow up on the investment in federal network resilience we made in the American Rescue Plan Act with sustained funding through the appropriations process,” Langevin said.
©2021 Bloomberg L.P.