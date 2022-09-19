

The U.S. is overdue for a dramatic shift in its cybersecurity strategy–but change is finally coming

By Andrew Rubin
Fortune
3 days ago

U.S. infrastructure has always been a prime target for cyberattacks–but recent years have seen threats grow exponentially.

In 2021, ransomware attacks hit 649 U.S. critical infrastructure entities, according to the FBI. Even worse, the FBI’s Internet Crime Complaint Center (IC3) revealed that “of the 16 critical infrastructure sectors … 14 sectors had at least one member that fell victim to a ransomware attack in 2021.” Almost 90% of all U.S. critical infrastructure sectors were hit by a successful ransomware attack in 2021. It’s a dismal and harrowing reality.

U.S. critical infrastructure has long had a very large and obvious target on its back. But in the past four years, as our entire world has become increasingly digital, cyberattacks on our nation’s most valuable assets have become incessant–and increasingly catastrophic. This unfortunate fact pattern is the reason why the Cybersecurity and Infrastructure Security Agency (CISA) was formed in 2018. CISA, the “quarterback for the federal cybersecurity team,” was created to work across sectors to bolster national resilience in cyberspace.

Since that time, the threat landscape has shifted drastically. In the past two years alone, more than 76% of organizations have been attacked by ransomware and 66% have experienced at least one software supply chain attack.

The world will spend nearly $170 billion on cybersecurity in 2022, and nearly $20 billion of that will be spent by the U.S. Federal Government–yet we’re still hemorrhaging losses to ransomware. It’s clear that the way we’re approaching cyber is wrong–and it’s on all of us. That’s why the 2023-2025 CISA Strategic Plan–the agency’s first document of its kind–is so highly anticipated, and frankly, such a big deal. It not only affirms and acknowledges the problem (we’re moving much too slowly in a threat landscape that changes faster each day), but also outlines a new path forward: one predicated on resilience.

In fact, the very first objective (1.1) in the plan, to “enhance the ability of federal systems to withstand cyberattacks and incidents,” is ensuring that “FCEB agencies are prepared for and able to rapidly recover from cyberattacks and incidents” and “maintain mission continuity during and after cyberattacks and incidents.” This is an evident and deliberate shift away from the traditional security approaches of keeping attacks out (prevention) and detecting them quickly when they break through the perimeter. Unfortunately, our track record is proving again and again that these tactics no longer reliably work.

The traditional security models that we’ve relied on for decades aren’t designed to solve the problems posed by a hyperconnected, digital-first landscape. Ransomware and bad actors are bound to breach the perimeter and evade detection. It’s the inevitable reality of today’s technology and data-enabled world.

And so now, finally, we enter the era of breach containment and resilience. Organizations are focusing on isolating and minimizing breaches to reduce the impact and recover much more quickly. We are focusing on enhancing visibility across networks, workloads, endpoints, and critical infrastructure since you can’t defend what you cannot see. Risk reduction and resilience are finally serving as the north star for cybersecurity.

We know that government and legislation tend to be slow-moving in nature. But in an industry as dynamic, fast-paced, and far-reaching as cyber, we have long been behind the ball when it comes to mandating and regulating cybersecurity strategy across both public and private industries. CISA’s plan demonstrates that even at the federal level, there is enormous value in pivoting as the circumstances change and the need for a new strategy becomes evident. The attackers are experts at failing fast and adjusting, and the defender’s job is to always be as agile, and hopefully a step ahead.

This plan is yet another industry calling card to rectify the way we approach national resilience and cyber at large. Organizations and agencies are going to be attacked. Breaches and ransomware will remain the norm and those are now operating assumptions that should be held as facts. What we can control is how much (or little) damage or operational fallout those breaches incite.

CISA is the first federal agency to acknowledge that not only is the threat landscape shifting, but the way we approach and defend against today’s evolving threat landscape must dramatically change as well.

Andrew Rubin is the CEO of Illumio.

The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not reflect the opinions and beliefs of Fortune.
