Cybersecurity Concerns Drive Governmental Action [Weekly Cybersecurity Brief]

cyber security innovation in 2021
Share on facebook
Share on linkedin
Share on twitter
Share on email
Share on whatsapp

From SolarWinds to the Colonial Pipeline and recently reported USAID attack, many sectors have had to reevaluate how they view cybersecurity, government certainly being one of them. Now governing bodies including agencies, congressional committees and the White House are taking further steps to support and oversee unified cybersecurity efforts.

Following the Colonial Pipeline ransomware attack that stirred disruptions and panic, NPR reported that the Transportation Security Administration has released new reporting requirements for operators. Pipeline operators must now notify the federal government of any cyberattacks within 12 hours of detection. The requirements also dictate that companies appoint an “on-call cybersecurity coordinator” to handle coordination with the government and conduct an audit of their cybersecurity practices. If companies do not report such events to the Cybersecurity and Infrastructure Security Agency within the allotted time, they could face fines that amount to around $7,000 per day. As the NPR report states, “[The Department of Homeland Security] says about 100 systems are considered critical and fall under the new directive.” A DHS official also told NPR that they hope this will instill a “collaborative relationship.”

The House Science Committee, a bipartisan congressional group, is also putting forth its own initiative to address cybersecurity concerns. As an article for SpaceNews shared, the committee has requested that the Government Accountability Office look into the state of NASA’s cybersecurity practices and what risks they may encounter. A letter that the committee wrote asking for this investigation did not outline any specific breach to NASA’s programs that led to this call for assessment but pointed instead to the issue of predicted growth in cyber threats “to NASA’s computer networks from internet-based intrusions,” as SpaceNews reported. The committee also shared that the consideration of other recent attacks on federal government institutions drove this decision to suggest a review. On behalf of NASA, Kathy Lueders, NASA associate administrator for human exploration and operations, said that while the Solar Winds incident was certainly a reminder of the urgency for cybersecurity measures, she emphasized that NASA has continued to prioritize cybersecurity. 

In other news, the Biden administration continues its pursuit of progressing cybersecurity measures. FedScoop reports that the administration has requested $500 million to go toward the federal government’s Technology Modernization Fund and $9.8 billion for “civilian cybersecurity programs across the government.” This request comes after a $2 billion investment in an emergency funding initiative designed for cybersecurity modernization. According to FedScoop, the budget proposal states that, “… these investments are an important down payment on delivering modern and secure services to the American public.” This comes after another federal agency, he U.S. Agency for International Development, revealed that it had experienced a cyberattack. 

Key Takeaways:

“In Wake Of Colonial Attack, Pipelines Now Must Report Cybersecurity Breaches” – Brian Naylor, NPR

 https://www.npr.org/2021/05/27/1000694357/in-wake-of-colonial-attack-pipelines-now-must-report-cybersecurity-breaches

  • Following the Colonial Pipeline ransomware attack, the TSA has released new reporting requirements for pipeline operators.
  • Operators must now notify the federal government of any cyberattacks within 12 hours of detection.
  • The requirements also dictate that companies appoint an “on-call cybersecurity coordinator” to handle coordination with the government and conduct an audit of their cybersecurity practices.

“Congress asks GAO to investigate NASA cybersecurity” – Jeff Foust, SpaceNews

 https://spacenews.com/congress-asks-gao-to-investigate-nasa-cybersecurity/

  • The House Science Committee has requested that the Government Accountability Office look into the state of NASA’s cybersecurity practices and what risks they may encounter.
  • A letter that the committee wrote asking for this investigation did not outline any specific breach to NASA’s programs that led to this call for assessment but pointed instead to the worry over the growth in cyber threats.
  • This concern has been raised after other governmental institutions were impacted by cybersecurity events such as the Solar Winds attack.

“White House allocates $9.8B to cybersecurity in 2022 budget request” – Billy Mitchell, FedScoop

 https://www.fedscoop.com/white-house-allocates-9-8b-to-cybersecurity-in-2022-budget-request/

  • FedScoop reports that the Biden administration has requested $500 million to go toward the federal government’s Technology Modernization Fund and $9.8 billion for “civilian cybersecurity programs across the government.”
  • This request comes after a $2 billion investment in an emergency funding initiative designed for cybersecurity modernization.
  • The budget proposal states that, “… these investments are an important down payment on delivering modern and secure services to the American public.”

Discover More: