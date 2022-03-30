

Regulatory enforcement is our best weapon against cyberwar

The Hill
 1 day ago

The war in Ukraine demonstrates that modern warfare is not just waged on the battlefield. The war started with attacks on Ukrainian websites and computers, and it continues with Ukraine's supporters attacking Russian targets. On May 12, 2021, President Biden issued an executive order to improve cybersecurity for the federal government. However, when it comes to the private sector, all Biden administration initiatives are voluntary and depend on the goodwill of private companies.

Unfortunately, this is not sufficient. While there are no methods that can completely safeguard networks and systems against cyberattacks, to increase the odds that our country will not be paralyzed, regulations that will enforce cybersecurity principles on products and infrastructure are necessary.

The executive order was an excellent first step in the right direction. It required the National Institute of Standards and Technology (NIST), in collaboration with industry and other partners, to develop a new framework to improve the security and integrity of the technology supply chain. As a direct response, in February 2022, NIST published Recommended Criteria for Cybersecurity Labeling of Consumer IoT Products and Recommended Criteria for Cybersecurity Labeling of Consumer Software. The publications recommended cybersecurity labeling for consumer software and consumer internet-connected devices that will give the public a clear indication of whether a device or software meets cybersecurity criteria.

One of NIST’s tasks is to “consider ways to incentivize manufacturers and developers to participate in these programs.” In other words, there is currently no intent to force vendors, big or small, to label their products. Similarly, the Cybersecurity and Infrastructure Agency (CISA) offers recommendations and tools for companies to maintain cybersecurity hygiene, but it has no enforcement capabilities.

The guidelines outlined by CISA and by NIST are not surprising or onerous; rather, they build upon existing frameworks and incorporate lessons learned from cyberattacks. Following these standards would have prevented some of the most massive cyberattacks known to date. But they also require investment in better IT practices, additional software and, oftentimes, new hardware development.

To ensure companies invest in better cybersecurity, the U.S. must require all companies to go through a yearly audit to certify their IT infrastructure and obtain a cybersecurity label for their products. Companies that do not meet the certification criteria ought to face financial penalties. At the same time, the U.S. government should embark on a campaign to educate the public on the security labeling, so the public avoids purchasing products that lack a cybersecurity label and, therefore, have not met the criteria.

The ransomware attack on the Colonial Pipeline in 2021, which caused power outages across the East Coast, demonstrates the importance of following the guidelines. According to Bloomberg, a hacker got hold of a password to a single VPN account and through that account was able to take down the largest fuel pipeline in the U.S. This attack could have been prevented if access to the VPN required multi-factor authentication, which adds an additional layer of identification on top of the password (as recommended by the currently voluntary CISA guidelines).

In another such example, on Oct. 21, 2016, a service provider called Dyn was targeted by a series of cyberattacks. The result was a massive internet outage affecting websites such as Amazon, PayPal, Walgreens, Visa, CNN, Fox News, Wall Street Journal and the New York Times. The attack was carried out by Mirai malware that took control over internet-connected devices such as cameras, DVRs, routers, printers and VOIP phones. These devices come out of the factory with a hard-coded default user and password. Mirai scanned the internet for the devices and tried to access them through the known default username/password. It succeeded in gaining access to more than 400,000 devices.

Using strong passwords and changing them regularly is a basic cybersecurity principle, one of the principles spelled out in the NIST labeling recommendations. The attack could have been prevented if vendors of the devices had enforced changing the default access setup upon activation.

One of the worst global cyberattacks to date, the 2017 NotPetya cyberattack, likely would have been averted with better cybersecurity. The alleged Russian hack – which was largely directed at Ukraine but infected countries all over the world – infected computers via a backend vulnerability in the software update that had been present for six weeks prior to the attack. When the malware spread around the world, it impacted companies such as FedEx and Mondelez International, the maker of Oreos and Triscuits, which is headquartered in Chicago. Mondelez claimed damages of $100 million. The Russian invasion is happening on the ground in Ukraine, but cyberwar has no borders, and its ramifications have the devastating potential to spread globally.

When we think of America going to war, we think of defending American values and way of life. In this century, the American way of life is dependent on our use of technology and the internet. To preserve this, we must deploy the best weapon in our arsenal — regulatory enforcement of cybersecurity principles.

Talila Millman is a cohort member of the Progressive Policy Institute’s Mosaic Economic Project. She is a product and engineering leader with 20 years of experience identifying what products customers need and how to best deliver them. Talila has led product and engineering groups at Stanley Black and Decker, Harris, Infinite Convergence, Motorola and others.
