NSA Official Calls for Legislation Raising Minimum Cybersecurity Standard for Companies
The government needs to enact new laws forcing companies to replace older software and computers that carry easily fixable vulnerabilities, according to one cybersecurity official.
Rob Joyce, head of the National Security Agency’s Cybersecurity Directorate, said Americans need to pay their “historical tech debt” before smaller-scale hackers get their hands on more advanced technology, Nextgov reported.
“We have to be investing in organizations that will track, follow and upgrade to close out those vulnerabilities and from where I sit, there’s probably going to have to be some regulation over time,” Joyce said during the sixth annual Defense One Tech Summit.
He said that raising the “bare minimum” cybersecurity standard for companies of all sizes would go a long way in preventing attacks such as the one that hit Colonial Pipeline.
The attack, which was linked to a Russia-based criminal group, crippled the company’s computer systems and forced it to temporarily shut down operations.
Joyce expects low-level criminals to more widely adopt emerging technologies like artificial intelligence, which, he notes, is already used for cybercrime grunt work.
The federal government is already working to raise the cybersecurity standard in the defense industrial base through the Department of Defense’s Cybersecurity Maturity Model Certification program.
Business leaders have warned that uncertainty over the program’s cost could push small businesses out of the defense industry, FedScoop reported.
Joyce said that without legislation, companies do not have enough incentive to phase out old hardware and software because of the cost of upgrading.