Critical infrastructure security issues get local
Members of the Committee on Homeland Security in U.S. House of Representatives are drafting a bill that would set aside funds to help state and local governments to address critical cybersecurity infrastructure issues in the wake of spate of ransomware attacks that have crippled municipalities such as Atlanta and Baltimore.
At a GPU Technology Conference hosted by NVIDIA this week in Washington D.C., Moira Bergen, an aide to the committee, revealed that bill would also direct the Cybersecurity and Infrastructure Security Agency (CISA), an arm of the Department of Homeland Security (DHS), to work more closely with municipalities to secure their infrastructure.
Since CISA was created to secure critical infrastructure within the Federal government, roughly 400 cybersecurity infrastructure experts have been working with Federal agencies to secure critical infrastructure by leading, for example, table-top simulations of attacks.
Daniel Kroese, associate director for the National Risk Management Center within CISA, told conference attendees much of that work in the last two years has been focused on working with state and local governments to ensure the cybersecurity of elections. CISA doesn’t have the resources to centralize the management of Federal cybersecurity. Rather, Kroese says CISA is committed to making available cybersecurity expertise and best practices that agencies often are unable to access on their own.
What’s needed now is more of a “full-court press” at the Federal and local level to secure the digital supply chain on which all critical infrastructure depends, says Kroese. That doesn’t necessarily require a lot of additional headcount and processes as much as a refocusing of existing supply chain processes that today are focused on physical infrastructure, says Kroese. Far too much of that effort still rely on manual processes like spreadsheets that don’t scale, adds Kroese.
Naturally, it’s unclear in this current political climate how any bill might turn into actual law. Many of the positions with the DHS are currently unfilled because President Trump has declined to nominate anyone for Senate confirmation, including a cybersecurity coordinator. The president has expressed a preference for relying on “acting” agency heads that are easier for him to manage. Senators from both parties have expressed their displeasure with that approach. On the plus side, Bergen notes that cybersecurity is one of those issues that has been able to achieve some level of bi-partisan support.
What is clear is most municipalities don’t have the cybersecurity resources and expertise required to combat cybersecurity threats. Ransomware has emerged as an especially problematic issue that has paralyzed cities in ways that have cost millions of dollars to remediate. Rather than leaving each municipality to defend itself, members of the U.S. Congress are planning to make ransomware attacks a national issue.
The degree to which cybersecurity might influence the outcome of the next national election is anybody’s guess at this point. Regardless of what side of the proverbial political aisle cybersecurity professionals might find themselves on the one positive is more attention within the halls of Congress is finally being paid to these issues.