Nominees for Top Cyber Posts Back Mandatory Cybersecurity Standards in Critical Sectors
Jen Easterly and Chris Inglis, nominees for two of the highest cybersecurity positions in the federal government, said they favor imposing mandatory cybersecurity standards on critical infrastructure organizations.
During a Senate hearing, Easterly and Inglis said that voluntary standards failed to fend off the advanced persistent SolarWinds attack and the ransomware attack against Colonial Pipeline, FCW reported Thursday.
Easterly is President Joe Biden’s pick for director of the Cybersecurity and Infrastructure Security Agency.
She floated the idea of requiring companies in critical infrastructure sectors to alert the government to any breach, among other standards.
DHS defines critical infrastructure sectors as those whose assets, systems and networks are essential for security, national economic security or national public health and safety, according to CISA.
The government currently recognizes 16 such sectors, including the defense industrial base and emergency services. Lawmakers have introduced legislation that would add the space systems sector to the list.
Inglis is Biden’s nominee for national cyber director, a newly established role that would serve as the president’s principal cybersecurity adviser and lead the government’s cybersecurity efforts.
Asked about his stance on ransomware, Inglis acknowledged that some companies have no option but to pay the ransom to stay in business.
He said companies should be held accountable not for paying the ransom but for being unprepared for an attack.
The industry-led Ransomware Task Force recently pegged the average ransomware payment in the third quarter of 2020 at $233,817, nearly five times as much as the average from a year before.