Two years after the devastating Colonial Pipeline cyberattack, what has the U.S. intelligence and security community learned and done about how to fortify the nation's collective cyber defense? Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), poses the question in a new blog post.
“The good news” is that since the Colonial Pipeline attack, the White House has made significant advances in its collective cyber defense, “harnessing the full power of the U.S. government to address the full spectrum of the threat,” Easterly wrote.
What Cyber Defense Steps Has the U.S. Taken?
A drill down shows what measures the federal government has taken to date to protect the nation’s critical infrastructure, owners and operators:
- Developed stopransomware.gov to provide a central location for alerts and guidance for businesses and individuals
- Launched the Joint Ransomware Task Force with our FBI partners to orchestrate the federal government’s response to the epidemic of ransomware
- Established the Joint Cyber Defense Collaborative (JCDC), a concept born out of the U.S. Cyberspace Solarium Commission, to bring together industry, government and internal partners and tear down siloes that create gaps for the adversary
- The JCDC playing a central role in CISA’s Shields Up campaign to protect critical infrastructure from potential Russian cyberattacks, which brought together more than 25 major pipeline operators and industrial control systems partners to strengthen security practices
- Expanding the “CyberSentry” capability, which enables heightened visibility into and more rapid detection of cyber threats that could target our nation’s most critical operational technology networks
- Introducing cybersecurity performance goals (CPGs) to prioritize the most impactful cybersecurity investments
In recounting the progress of the cybersecurity community to protect the nation, Easterly warned that it isn’t enough and that there’s more work to do:
“Much work remains to ensure the security and resilience of our critical infrastructure in light of complex threats and increasing geopolitical tension.”
Preparing for the Next Cyberattack
For example, to prepare for a potential cyberattack from China, a number of steps need to be taken. As Easterly explained:
- Ensure that the technology that underpins services that Americans rely on every hour of every day is safe and secure. For too long, we have sacrificed security for features and speed to market.
- The days of relegating cybersecurity to the CIO or the CISO must end. CEOs and boards of directors must embrace cyber risk as a matter of good governance and prioritize cybersecurity as a strategic imperative and business enabler.
- Invest in the JCDC model of persistent and proactive operational collaboration between government and industry where the default is to share information on malicious cyber activity.
- Normalize cyber risks for the general public with the recognition that cyberattacks are a reality for the foreseeable future. We cannot completely prevent attacks from happening, but we can minimize their impact by building resilience into our infrastructure and into our society.
In conclusion, Easterly emphasized the imperative for change:
“We need to hold ourselves accountable to the hard lessons learned from two years ago. Are we going to make the choices that will lead us to a secure, resilient and prosperous future, or are we going to allow inaction to dictate a future in which our national security and our way of life hang in the balance? We have proven that it can be done but only if we act now… together.”