Is CISA’s new public/private collaborative a sign of desperation for American cybersecurity?

Op-ed views and opinions expressed are solely those of the author.

It is no secret that over the past 6-plus months of the Biden administration, America has become a veritable pin cushion for repeated and deeply penetrating cyberattacks that have pierced virtually every sector of the US economy and critical infrastructure. Regardless of whether that may be as a result of political reasoning, ineptitude, or the overall perception of American vulnerability under our clumsy new leadership that has fumbled everything from the economy to the southern border, it is a persistent problem that is showing no signs of slowing.  

Some of the more high-profile hacks recently seen include those against Colonial Pipeline, beef supplier JBS, Kaseya and Apple, and these have all occurred as American entities both public and private are still reeling from the historically far-reaching SolarWinds attack.

During this time, the American intelligence community and national security apparatus has seemed to continually roll out initiative after initiative in an attempt to mitigate the threat from future attacks, as victimized entities scramble to assess the still uncalculated damages from the most active period of high-profile hacking that the world has ever seen.

Among the initiatives announced by the Department of Homeland Security (DHS) was the “Reduce the Risk of Ransomware Campaign,” and an increase in Federal Emergency Management Agency (FEMA) grants. The FEMA plan, which was released in the early stages of the new administration, would allow state and local governments to receive grant money from the agency as long as a minimum of at least 7.5% of the award was spent towards improving cybersecurity in the recipient’s jurisdiction.

This kind of grant spending that is being doled out by FEMA is actually expected to grow by $1 billion if the recent Senate-approved $1.2 trillion infrastructure bill is able to gain approval in the House and eventually be signed into law by President Biden. As it is currently written, the bill would call for $200 million in new grant spending available in 2022, $400 million in 2023, $300 million in 2024 and $100 million in 2025. The criteria for allocating the grants will be defined by the experts at the Cybersecurity and Infrastructure Security Agency (CISA).

And speaking of CISA, perhaps the most notable of these new initiatives was recently announced by the newly-minted director, Jen Easterly, who was finally confirmed to her post in July months after being nominated. Easterly is the first non-interim appointee to the post since Christopher Krebs was fired by President Trump in late 2020 in the wake of his controversial statements in regard to the security of the 2020 presidential election. 

In some of her first public statements since taking the reigns at CISA, Easterly, who curiously sported a “Free Britney” t-shirt during her speech, announced the creation of the new Joint Cyber Defense Collaborative at the Black Hat cybersecurity conference on August 5th. The CISA led initiative is in part an effort to harness the expertise of the public sector, namely the companies that comprise what many refer to as the “Big-Tech” monopolists currently dominating the Silicon Valley scene, in an effort to help the US defend itself against cyber-attacks against critical infrastructure and other valuable targets.

When considering these enormous entities, regardless of what conservatives may think about their obvious anti-Trump sentiment and transparent blanket censorship efforts, Amazon, Google and Microsoft, are among the most competent and well-versed companies in the cybersecurity space. 

For starters, Microsoft, the company behind one of the most commonly used anti-virus suites, Microsoft Defender Antivirus (formally Windows Defender), also employs the elite Microsoft Detection and Response Team (DART). DART already is experienced in working with outside security organizations globally in providing investigative services to both governmental and commercial entities, including some of the most favorable targets available to for-profit hacking groups around the world in the financial sector.

Amazon Web Services and Google Cloud Services also maintain among the more competent staffs in the security sector in their efforts to protect their millions of global customers from the inescapable and constant online threats the continue to proliferate at an unprecedented rate, currently.

This type of real-world experience in dealing with emerging threats in real-time is exactly the kind of expertise that is needed to improve the Biden administration’s current strategy, one that far too often sees it playing catch up in the high stakes international cat and mouse game currently taking place in the cybersphere.

With the rise of international state-sponsored Advanced Persistent Threats (APTs) and the reality of a growing global cyberwar materializing before our eyes, it seems that CISA’s new direction under Jen Easterly is a well-calculated response. Even if it is perhaps born out of desperation. 

Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including Newsmax, Townhall, American Thinker and BizPacReview.

Julio Rivera

Comments

Latest Articles