The Cyber-view From DC

It was a busy end of May for cybersecurity in our nation’s capital. The White House Office of Management and Budget issued a report saying that most federal agencies are not prepared for cyberattacks, while noting that almost three quarters of the agencies assessed have programs that are at risk or high risk.  At nearly the same time, the FBI reported a botnet with ties to Russia has infected the nation’s routers and that they should all be rebooted.   Now, the Department of Commerce and Department of Homeland Security (DHS) has released a report on how the federal government can combat botnets or networks of infected internet-connected devices that can be leveraged by hackers. The report listed six principal themes for reducing distributed threats including: 1) working closely with international partners as these are global threats; 2) utilizing tools that are available but not being commonly used; 3) ensuring devices are secured through all stages of their “lifecycle;” 4) boosting education and awareness of botnets for businesses and citizens; 5) changing market incentives to encourage security; and 6) collaboration to address an ecosystem-wide problem. 

To address these, the DHS report outlines five goals: 1) Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace; 2) Promote innovation in the infrastructure for dynamic adaptation to evolving threats; 3) Promote innovation at the edge of the network to prevent, detect, and mitigate automated, distributed attacks; 4) Promote and support coalitions between the security, infrastructure, and operational technology communities domestically and around the world; 5) Increase awareness and education across the ecosystem.

This report was not unexpected. A year ago, President Trump signed an executive order directing Commerce and Homeland Security to issue a report about combating botnets and automated and distributed attacks, with a deadline of one year.   Given these facts, what’s Washington to do about cyber security? The report outlines some steps, but it appears it would take an advocate in the White House to help agencies improve the very cybersecurity programs the initial report calls deficient. Unfortunately the White House eliminated the top cybersecurity post several weeks ago, and although organizing a plan to execute the goals of this latest report would be right in the cyber czar’s swim lane, the responsibilities of White House cybersecurity coordinator have now been delegated to two members of the National Security Council’s team.

Sources: 