New defense legislation is expected to help the US government in its response to the Russian-sponsored SolarWinds hack.
The annual National Defense Authorization Act (NDAA), which became law last week after Congress overturned President Trump
Donald Trump McConnell circulates proceedings for second Senate indictment over Trump Trump proposes to build own platform after Twitter ban: 18 percent of Republicans support MORE in Capitol‘s veto, has formally instituted a cybercar position in the White House, in addition to granting numerous other cyber security powers that could help the incoming Biden government respond to the Russian hack.
“Once this individual is appointed and confirmed, it is the person who coordinates the response,” Rep. Jim Langevin
James (Jim) R. LangevinSenate approves defense bill to draft cybercrime position, sue cybercrime force on Chinese National Security Threats | Biden says China must play by ‘international norms’ House Democrats use the Markup app for MORE votes for leadership contests (DR.I.), one of the most important members of Congress who campaigned for the inauguration of the national cyber director position, told The Hill this week.
The national cyber director, confirmed by the Senate, could play a critical role as federal agencies wrestle with the depth and breadth of the SolarWinds hack.
“Instead of responding ad hoc and finding out as we go, you would have someone who has a well-thought-out plan for a thorough and aggressive response, and we would be much more effective,” Langevin said about ‘ an answer to the SolarWinds. cap.
US intelligence agencies this week formally accused Russia was behind the attack on IT company SolarWinds, which had already hit customers such as Fortune 500 companies and most federal agencies in March.
The departments of trade, defense, energy, homeland security, justice, state and treasury all said they were compromised by the hack.
SolarWinds reported last month that about 18,000 of its customers are likely to be affected. Microsoft and cyber security group FireEye have both confirmed that they are affected.
“This is a massive, massive issue that definitely affects governments, but in all likelihood has major consequences outside of government, down to the private sector that we are still in the early turn of understanding,” said Amit Yoran, chairman and executive head of the cyber security group said. Durable.
The executive has been without a formal cyber security leader since 2018, when former national security adviser John Bolton
John Bolton Shocked GOP ponders future with Trump Calls to get tougher to remove Trump under 25th Amendment John Bolton argues against calling for 25th Amendment against Trump MORE eliminated the role as a way to reduce bureaucracy.
The move came a year after the state department got rid of its cybersecurity coordinator’s office, making it more difficult for the government to coordinate on international cyber security issues.
Elected President Joe Biden
Joe BidenUS judge blocks Trump administration’s restrictions on asylum McConnell circulates proceedings for second Senate indictment over Trump Top official recalled by Trump then resigns letter to say departure in protest MORE will probably take a very different approach to cyber leadership.
“We need to be able to innovate and present our defenses against growing threats in new worlds like cyberspace,” Biden told a news conference. last month while addressing the SolarWinds attack.
Biden has not yet nominated an individual to fill the cyber tsarepos, and a spokesman for the transition did not want to comment on who might be considered.
Langevin said he hopes Biden would consider former officials such as Michael Daniel, who serves as special assistant to former President Obama and cyber security coordinator in the National Security Council; Suzanne Spaulding, former director of the predecessor agency of the Cybersecurity and Infrastructure Security Agency (CISA); and Chris Inglis, former deputy director of the National Security Agency.
“I was in touch with someone at the highest level in the Biden team, and hopefully we will have a national cyber director sooner rather than later,” Langevin said.
Although the post has not been filled, it appears that another important cyber security role that could help with the response to the SolarWinds attack has been locked up.
Politico Reporter On Thursday, Biden would soon appoint Ann Neuberger, director of the National Security Agency’s cyber security directorate, to fulfill the newly created role of deputy national security adviser for cyber security in the National Security Council.
The Biden transition spokesman declined to comment on the matter, but said: “The Biden-Harris administration will make cyber security a top priority, and increase it today as a necessity throughout the government.”
“We will strengthen our partnerships with the private sector, academia and civil society; renew our commitment to international norms and involvement in cyber issues; and expand our investment in infrastructure and the people we need to effectively defend the country against malicious cyber activities, ”the spokesman added.
The two new positions are not the only new powers the federal government is responding to cyber threats.
The massive defense protection bill included more than two dozen other clauses based on recommendations compiled by the Cyberspace Solarium Commission (CSC), a congressional group made up of lawmakers, federal officials and leaders in the industry to draw up a road map for the defense of the USA. in cyberspace.
Some of their recommendations included in the bill were clauses that enabled CISA to conduct cyber threats within an agency’s network, a force that may have notified officials earlier of the SolarWinds cap.
The defense bill also gives CISA the power to issue summonses to Internet service providers, forcing them to disclose information about cyber-vulnerability in the networks of critical infrastructure organizations.
“I think a lot of the recommendations and things in the NDAA will help and be pretty influential,” Yoran said.
Langevin said he hoped the Biden government would work quickly to put the new authorities in place to ‘get the body’ at the growing risk posed by opponents in cyberspace.
“I am already impressed with the national security team that President Biden is putting together,” Langevin said. “It’s going to be a bit expensive, but I want to make sure we implement the provisions that are in the law, and together they will both be a great way to protect the United States in cyberspace.”