Will President Biden’s Cybersecurity Bills Stand the Test of Time?

The scale and sophistication of modern cyber-attacks require greater cooperation between all stakeholders to defeat the menace. We hear from experts how public and private organizations can leverage President Biden’s new cybersecurity bills to enhance cooperation in the coming days.

August 19, 2022

President Biden’s new cybersecurity bills were introduced to bolster the cybersecurity of federal and state government departments and agencies. But could these new bills foment a fresh wave of public-private partnerships and standardize the sharing of advanced cyber defense tools? Let’s hear from experts.

U.S. President Joe Biden recently signed legislation to establish a cyber workforce to initiate and enhance cybersecurity coordination across all government levels.

The “Federal Rotation Cyber Workforce Program Act” establishes a rotational plan to give cybersecurity and IT experts the chance to hone their skills by working in multiple federal departments. The second bill, “The State and Local Government Cybersecurity Act,” aims to bring together the Department of Homeland Security and local governments. Together, they can fight cybercrime more successfully. This bill also mandates the National Cybercrime and Communications Integration Center (NCCIC) to share with all fifty states its security tools and procedures for dealing with cyber criminals.

Could these new bills foment a fresh wave of public-private partnerships and standardize the sharing of advanced cyber defense tools? Or would national security concerns play spoilsport with interagency collaboration and other collaborative efforts? Let’s hear from leading cybersecurity industry experts about what they think. 

Five Ways President Biden’s Initiatives Can Be Leveraged To Strengthen Cybersecurity

Combating video conferencing risks

What the world needs to know and what the government must be alerted to is that purpose-built spyware exists that can steal your camera, microphone and audio stream from your video conferences, warns George Waller, the EVP of Zerify. He says that many video conferencing providers that have not adopted a zero-trust architecture put their customers at a high risk of zoombombing style attacks because they do not authenticate every user while entering into a video conference. “These vulnerabilities have far-reaching implications given our current hybrid/remote workforce environment.”   

“With Biden’s two new bills signed as laws, we feel it’s imperative that a task force devote efforts to video conferencing as more and more Americans continue working from home and rely on these platforms multiple times daily for the most critical discussions,” Waller suggests. These critical discussions include “classified government materials, mergers and acquisitions information, quarterly financial business details and health matters” that could compromise HIPAA laws and patient privacy, and “video conferencing security must be a part of these conversations.”

“As DHS is required to increase collaboration among state, local, government entities and more, it is our hope that this includes consideration of collaborative technologies and the way that companies commonly conduct business through video conferencing platforms today.”

“It is our hope that under the umbrella of Biden’s cybersecurity task force, a subsidiary task force will form to hone in on collaborative communications.”

– George Waller, EVP, Zerify

“We see this as an imperative call to action. A focus on video conferencing cybersecurity is crucial as we continue to hear news of more cyber-attacks in 2022,” Waller adds.


Making Zero Trust the new norm

The bill’s purpose will fail if organizations don’t do more to secure their networks. The President’s ZTA mandate should serve as a wake-up call for organizations that have not adopted the idea yet. Tetrate co-founder Varun Talwar provides a roadmap for how organizations should reorient their approach toward securing their networks and data. Talwar believes that enterprises need to secure their data and applications from the inside out, not just from the outside.

“The U.S. government has set and enforced updated security standards, and enterprises can use the same approach – implementing zero-trust approaches (ZTA) can immediately protect against cyberattacks of all kinds, whether they come from cyber criminals, freelance hackers, foreign governments or from within the enterprise itself.”

He says, “The old approach to cybersecurity is to build a wall around a company’s data and I.T. infrastructure. Then try to patch the wall after each successful attack. We recommend a proactive approach. Organizations should protect their I.T. assets using zero trust, as recommended by the U.S. Government, and micro-segmentation; these approaches continue to work even when hackers breach corporate firewalls. Attackers are getting more sophisticated; companies need to modernize their infrastructure now to meet this fast-growing challenge.”

Further scope for collaboration

Jon Geater, chief product and technology officer, RKVST, thinks this legislation shows real commitment to a modern strategy for cybersecurity in the U.S. based on principles of collaboration, transparency and secure information sharing. “The zero trust fabric enables safe sharing of information among all relevant stakeholders to power better quality decision making and deliver robust, resilient operations in the face of a highly dynamic threat environment.” Geater notices strength in numbers. 

“If all the good guys are able to share their threat intelligence and posture information through dedicated expert networks such as the Multi-State ISAC to get the right information in the right hands at the right time, we’ll have a much more resilient digital infrastructure.”

– Jon Geater, chief product and technology officer, RKVST 

Bridging the skills gap

Gabe Dimeglio, V.P. and executive advisor of security at Rimini Street, says, “There are a lot of excellent resources that are unfortunately underutilized by the public sector for reasons like skill set limitations and budget. It’s great that this bill provides not only funding for training but also funding to assist with security control selection and utilization.”


Strengthening cooperation with law enforcement

Many organizations scramble to engage with law enforcement during a cyber incident. “So we highly recommend building a relationship with your local FBI field office (InfraGard is a great way to do this) as part of your cyber response playbook,” says Dimeglio. “You can put in place a comprehensive plan that can be executed immediately rather than losing hours or sometimes even days waiting on navigating law enforcement assistance.”

In conclusion: Finding strength in unity

Representative Joe Neguse, who introduced this bill, stated: “For hackers, state and local governments are an attractive target — we must increase support to these entities so that they can strengthen their systems and better defend themselves from harmful cyber-attacks.”

Due to the complexity of existing cyber-attacks, local governments require assistance from federal authorities. These recently established laws will help build a larger network of knowledgeable authorities and individuals fighting cybercrime.

David Nuti, SVP of Nord Security-North America (NordVPN), says that security is a constantly active feedback loop of monitoring and learning from current and past threats and putting that experience and knowledge back into the prevention layer. And collaborating with the private sector on this is also critical. 

“You need an aggregate of cybersecurity defense and expertise in order to match up against the aggregate of global threat actors looking to do harm,” Nuti adds.


Ojasvi Nath

Assistant Editor, Spiceworks Ziff Davis

Ojasvi Nath is Assistant Editor for Toolbox and covers varied aspects of technology. With a demonstrated history of working as a business writer, she has now switched her interest to technology and handles a broad range of topics from cybersecurity, cloud, AI, emerging tech innovation to hardware. Being a philomath, Ojasvi thinks knowledge is like a Pierian spring. The more you dive in, the more you learn. You can reach out to her at ojasvi.nath@swzd.com