Cyber official warns ‘American way of life’ at risk from hackers
A top U.S. cybersecurity official offered a dire warning to members of Congress on Wednesday, saying the "American way of life" faces serious risks amid the drumbeat of ransomware attacks and physical threats to the nation's critical infrastructure.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, known as CISA, told the House Homeland Security Committee Wednesday that "ransomware has become a scourge on nearly every facet of our lives, and it's a prime example of the vulnerabilities that are emerging as our digital and our physical infrastructure increasingly converge."
Her appearance, aside National Cyber Director Chris Inglis, comes as the private sector and governments have grappled with pervasive cyberattacks during the last 12 months. Some attacks, including the Colonial Pipeline Co. breach in May, have led to gas shortages, disrupted supply chains and exposed federal systems to significant compromise.
Easterly's testimony came after CISA issued a binding operational directive that would create a catalog of known exploited cybersecurity vulnerabilities and would require federal agencies to fix these flaws within specific time frames. It would apply to all software and hardware on federal information systems, including those managed by an agency or hosted by third parties.
While the directive would only apply to federal agencies, Easterly said in a statement she wants every organization to adopt the directive "and prioritize mitigation of vulnerabilities listed in CISA's public catalog."
Rep. John Katko, a Republican from New York, said, "The volume of alerts, advisories, and directives goes to show the pervasiveness of vulnerabilities affecting owners and operators of critical infrastructure, and federal networks."
Inglis said that privately owned critical infrastructure, which accounts for 85% of the total, is "increasingly core to the government's imperative to protect and provide for national security."
"Shared defense is not a choice but an imperative," Inglis said.
Inglis said he is working with the White House on a forthcoming executive order that would provide additional clarity on the roles and responsibilities for his newly created post, which is expected in the coming weeks to months. The Office of National Cyber Director was created by Congress earlier this year, and the role was designated as the top official overseeing cyber strategy and budgets within the government.
But lawmakers have raised concerns that it overlaps with authorities of CISA's Easterly and the White House's Anne Neuberger, the deputy national security advisor for cyber and emerging technology. The goal of the executive order is to provide clearer parameters around the new role, Inglis said.
Both Katko, the top Republican on the panel, and Rep. Bennie Thompson, a Democrat from Mississippi and the panel's chairman, have placed a rare bipartisan emphasis on the importance of countering cybersecurity threats and offering praise for CISA's efforts. President Joe Biden has called cybersecurity a "core national security challenge," and has since rearranged parts of the U.S. government to reflect new priorities.
Thompson, who also chairs the House select committee on the Jan. 6 attack on the U.S. Capitol, also raised concerns of misinformation as key elections played out in Virginia and New Jersey. "Just yesterday, voters went to the polls to cast their ballots even as efforts to push the Big Lie and erode public confidence in democratic institutions persist," Thompson said.
Inglis told members of Congress that there has been a "discernible decrease" in cyberattacks by Russia-based groups since President Joe Biden met with Russian President Vladimir Putin in June.
"It's too soon to tell whether that's because of material efforts taken by the Russians or the Russian leadership," he said. "It may well be that the transgressors in this space have simply kind of lain low understanding that this is — for the moment — a very hot time for them."
"We need to make sure that the continues to be the case," Inglis said.