Black Hat 2021: what is the federal government’s role in cybersecurity?
Two contrasting visions of cyberspace
“We are in competition between two visions, one of countries like Russia, China and Iran, which want to limit access and maximize control, and the other of the United States and our allies, which want to build and protect a free, open and secure Internet. “, continued Mayorkas.
He exposed the stark contrasting approaches to internet governance, arguing that the United States ultimately faces some critical issues. “Who will build, own, control and operate the underlying Internet infrastructure, from submarine cables to data centers? Who will shape the future of data routing? How will we protect both privacy and security, online and offline? How will we better protect ourselves against the ever-growing and rapidly evolving cyber threats? “
Every day, the Department of Homeland Security addresses these issues, which are not limited to the great game that exists between democratic and authoritarian governments, as they also include the relationship between government and private sector entities, ”he said. he declares.
DHS works with other agencies to provide protection
While some IT officials are calling for an independent federal body to oversee cybersecurity, Mayorkas detailed some of the agencies that are already doing this work. “Take the US Secret Service, which is part of our department, and is charged with not only protecting the president, but also actively combating ransomware and a slew of other cyber crimes,” he said.
“We are looking at the TSA, known to protect airport security, as many of us know, which maintains regulatory authority over the pipelines, which we exploited in the wake of the Colonial Pipeline ransomware attack, to take urgent and critical measures to better protect against immediate attacks. cyber threats.
Mayorkas also highlighted the work of the Coast Guard, which he said “saves thousands of lives at sea every year, and also protects the shipping system from cyber threats.”
Finally, he pointed to DHS’s Cybersecurity and Infrastructure Security Agency, which he called “the federal government’s quarterback on cybersecurity.” CISA strengthens our cyber resilience and provides owners and operators of critical infrastructure, cities and states, businesses and organizations of all sizes, and even hospitals and schools, with the tools they need to defend against cyber attacks.
LOOK: Learn more about ransomware and the challenge of defending against it.
DHS to deal with open questions on cybersecurity
Mayorkas acknowledged that DHS had many unresolved but important issues to address, saying, “We invite fierce debate. Take, for example, data routing. There are some open questions we just can’t ignore, to protect data as it travels around the world:
- “Should the US government take a more proactive role in shaping data flows, or are we leaving that responsibility to the private sector?
- “How can we ensure that US technology companies remain at the heart of the Internet infrastructure at all layers, from the edge to the center, as we move forward?
- “How are we going to set the rules, how are we going to balance the priorities of the United States and our allies to create more openness, connectivity and freedom, as autocratic regimes like Russia and China claim a more control with less transparency or accountability?
“The point is that the strength of our democracy, the promotion of a free and open Internet, the fairness of our economies and the security of our communities is a shared responsibility that is more timely and relevant than ever.”
Easterly calls for collaboration to thwart cybercrime
Mayorkas’ speech followed a previous address by Jen Easterly, the new director of CISA. In his speech, Easterly called for cooperation between government and the private sector to tackle cyber threats.
“The world is incredibly digital, and the volume, variety and speed of data continues to grow. And we know it’s a good thing, ”she said. “It brought us closer as humans. It helped us to solve problems. We have improved our quality of life. But as we’ve connected more platforms and devices to the internet, we’ve increased the attack surface, as we all know, and we’ve increased vulnerabilities.
“So now there’s a cyber attack every 40 seconds or so. One in 10 of those 1.8 billion websites leads you to malware. The damage caused by cybercrime runs into the trillions of dollars. And, as we all know, ransomware has become a plague affecting all Americans across society, with attacks on schools, hospitals, municipalities, pipelines, meat wrappers, and all kinds of software.
Easterly said CISA cannot meet its cybersecurity goals on its own “because over 80% of critical infrastructure is in private hands. So, this has to be an effort where we come together and collectively leverage our imaginations and collaboration to help secure our cyber ecosystem. “
Easterly announced that one of his priorities for CISA is “to ensure that we maximize this power to cultivate and strengthen the incredible partnerships we have, especially with industry, with academia, with researchers, with the hacker community, to ensure that we harness the best and brightest in this community for the collective defense of the nation. “