Our nation is facing some of the most daunting cybersecurity challenges in history. As the new Office of the National Cyber Director (ONCD) gets fully staffed and running, little is more important to the nation's security than making sure the right people are in the right places to address these dynamic challenges. Bringing private industry expertise into the national security ecosystem is the best way not only to prepare and protect but also to evolve the nation's security for the future.
A Field of Challenges
One year ago, the Colonial Pipeline ransomware attack became a defining moment for the nation's cyber strategy. In addition to being economically disruptive, this attack opened our eyes to the seriousness of the threat to critical infrastructure through purely IT intrusions. Previously, most of the thinking from policymakers centered on threats to critical infrastructure through OT systems.
Other incidents revealed the risk we face from scaled attacks. For example, last July dozens of managed security providers were affected by the REvil Kaseya hack. This attack, propagated through a malware-infected hotfix pushed out by Kaseya, affected more than 1,000 organizations, including many that rely on managed service providers to provide their security. Last fall, the Log4Shell vulnerability alerted organizations to the risks of widespread, easily exploited, and lingering vulnerabilities.
The Biden administration, to its credit, has elevated cybersecurity as the priority that it should have been long ago, taking the most aggressive measures that I've ever seen. These include an unprecedented meeting last August between industry leaders and the president himself that has led to serious commitments from industry leaders and stronger private sector security buy-in. Their work across a range of issues can be seen through the Cybersecurity Coalition, Cyber Threat Alliance, and the Ransomware Task Force.
The Threat Hasn't Diminished
For all the progress made in a mere 12 months, the threat itself continues to morph and increase. It's critical that we redouble our efforts and build on what has worked well — an excellent place for the ONCD to pick up the baton.
The government certainly has its work cut out for it, with Russia's war in Ukraine sitting firmly atop the priority list. Many people, myself included, expected an increase in Russian cyberattacks against western interests. While there has been some increase in activity, large-scale attacks have not occurred. This could change quickly, as this war seems far from over. The ONCD will need to continue working with the national security community to defend the homeland.
All of this has forced into the open a debate over war exclusions in cyber insurance. At the policy level, cyberattacks attributed to state actors could trigger such provisions. Major players like Lloyd's of London and Marsh are grappling with how to respond, especially if the war expands. The US should consider its role in this issue, and continue to leverage industry leaders and expertise to understand the complexities of this risk.
Beyond Russia, the American midterm election process is underway. As the general election approaches this fall, expect to see increased cyberattacks and disinformation. Does this mean the government will shift focus from Ukraine? If so, does that give Russians and aligned actors a clear path to attack western interests? At a recent conference on ransomware, top government officials indicated that combatting ransomware would remain a priority, but this will require experienced, steady leadership to navigate.
The Right Expertise
The Biden administration recently announced the appointments of Kemba Walden, Neal Higgins, and Rob Knake to the ONCD. These picks are key indicators of the value the office will hold within the administration and the priority that President Biden places on cybersecurity. In fact, Walden served as co-chair of the Institute for Security and Technology's Ransomware Task Force, which included Resilience's chief claims officer, Michael Philips. Their work culminated in a published report that includes recommendations for addressing the unprecedented rise in ransomware attacks.
For the first time, cybersecurity has been named a "national security threat," and the administration is taking action to reflect the complexity of challenges associated with cybersecurity. As the threat persists, the growth of the ONCD is a signal that the right experience and skills will help us fight this fight.