Towards the end of 2020, the incident known as the SolarWinds Orion Cyberattack was discovered by the company FireEye. At that time, there was no knowledge on the extent of the damage done until it was seen in their customer systems.
SolarWinds is an IT firm in the US that suffered from one of the worst cyber-attacks that flew under the radar for months before it was finally detected. It was believed that the attack originated from Russia with an intention to breach the top US government agencies and private firms alike to monitor private information. The Texas-based firm, SolarWind, was targeted for its Orion systems, planting a malware into the central framework to allow the harmful code to propagate.
In another incident, a company from Alpharetta Georgia called Colonial Pipes also fell victim to a cyber-attack in recent months. This time, it was a ransomware that penetrated the system, taking hostage pertinent files and data that would require payment of a large sum for it to be given back to the owning company. It was believed to originate once again from Russia as a group that is linked to the country is suspected to be behind this attack. Colonial Pipeline serves to transport hundreds of millions of gallons of gasoline across states in the US and debilitating them would mean a huge loss to the business and to the economy.
These are just some examples of the major threats to cybersecurity the United States of America has experienced in recent history. There were countless others that have ravaged through the IT infrastructure of the country, leaving everyone to wonder if the government is doing enough to address this vulnerability, at a time when companies are doing all they can to improve their cybersecurity.
In his first 100 days in office, US President Joseph R. Biden has made it a priority to strengthen national security through fortifying the country’s cybersecurity. He has instilled budget increases to major government agencies, placed people he knew could get the job done and has taken the fight to combat these vulnerabilities.
Funding the Fight Against Cybersecurity Threats
There is a commendable difference in budget for most government agencies in the Biden administration when compared to the year before his inauguration.
· The US Department of State (DOS) is the 2nd largest recipient of this increase at 20.4% following the previous year. It’s budget now stands at $488.6 Million to ensure the protection of data for international relations and foreign affairs.
· The biggest increase in budget is allocated to the department of energy, out-increasing DOS by 0.3%.
· The Department of Defense (DOD) still stands as the most funded agency for the cyber budget, chiming in at $9.8 Billion. The Biden administration is convinced that the DOD aims to support the Pentagon’s initiatives on both the defensive and offensive end of this fight on cybercrimes against the country.
· The Department of Treasury and Department of Commerce are the two agencies that received massive cyber budget cuts at -25.9% and -26.5%, respectively. They are, however, still the 4th and 7th highest funded government agencies following the Cozy Bear attack, which was the group behind the SolarWinds incident.
· The rest of the agencies such as Department of Security, Justice, Health, and non-CFO agencies split the pie among the remnants of the remaining $8 Billion but still yielding an increase compared to the previous year.
Proceeding to put cybersecurity as the forefront priority of his office, President Joe Biden has elected to put the right people in the right places to ensure the presence of competency.
- US president Joe Biden appointed Jen Easterly as the Director if CISA or the Cybersecurity & Infrastructure Security Agency with initial favorite for the position, Rob Silvers as the Undersecretary for Policy for Department of Homeland Security (DHS).
- The National Security Agency or NSA is now graced by Anne Neuberger as Deputy National Security Adviser for Cyber and Emerging Technology.
- The White House also appointed Chris Ingles as National Cyber Director, making sure federal and private cybersecurity are looked after.
- Other notable names under this administration in the field of cybersecurity are Elizabeth Sherwood-Randall as Homeland Security Advsier, Catilin Durkovich as Senior Director for resilience and Response, and Michael Sulmeyer as the Senior Director for Cyber Security.
Beefing Up the Front Lines
The Federal Bureau of Investigation (FBI), DOD, CISA, and DHS have all been empowered by US President Joe Biden to move forward in this fight against cyber-attacks.
- An executive order by the POTUS aims to create a no-trust mindset towards software vendors and contractors when providing services, giving limited to no access to sensitive systems. It creates stricter conditions where vendors will immediately be dropped from the contract should they fail to deliver the agreements set by both parties.
- The same executive order aims to also create layers of security that further strengthen tightness of access when new security systems have been operationalized and requires contractors to declare vulnerabilities within the infrastructure should they be inevitable.
- An initial response has also been acted on the matter of Cozy Bear by removing 10 distinct Russian personalities from US soil.
- Several Russian companies dealing in the field of information technology have been identified, sanctioned, or tagged as dangerous and high-risk to the US including Positive Technologies due to their ties with private American companies.
- The administration rolled out a partnership with the Energy department to push private owners of electric providers to internally improve cybersecurity capabilities. Minimum requirements dictate detection and response to anomalies in their cyber space as they happen.
Conclusion: What This Means for You
Even with the Biden administration moving forward with concrete plans to ensure the safety of the cyber space it is in everyone’s interest to co-create an infrastructure that is impregnable to such attacks. That said, being a private citizen or a privately held firm, the job of safeguarding cybersecurity relies on everyone’s cooperation and involvement with the government. It trickles down even to the smallest actions of being careful about your internet usage all the way to transacting through networks of data around the country’s IT infrastructure. Needless to say, America must look at itself as a team of 300 million, led by the government in ensuring that history does not repeat itself.