Federal Cybersecurity Leaders Testify on State of Ransomware – GovTech
Federal cybersecurity leaders testified to a House committee yesterday about the challenging ransomware environment and the road ahead for better protecting state, local and private-sector partners.
National Cyber Director Chris Inglis, Cybersecurity and Infrastructure Security Agency (CISA) Executive Director Brandon Wales and Assistant Director of the FBI’s Cyber Division Bryan Vorndran spoke about the importance of raising state and local officials’ awareness of existing, free cybersecurity resources. The witnesses also urged mandatory incident reporting while acknowledging that the federal government needs to make a more streamlined and cohesive reporting process.
The hearing came on the heels of the House Committee on Oversight and Reform’s memo on ransomware released earlier that day, which reported preliminary findings of an investigation into attacks against three major victims during the past year: CNA Financial Corporation in March, Colonial Pipeline in May, and JBS Foods in June.
“We are at a tipping point, as cyberattacks have become more common and potentially more damaging,” said committee chair Rep. Carolyn Maloney.
A committee press release further underscores the scope of the problem, estimating that “ransomware-related transactions in 2021 will be higher than the previous 10 years combined.”
Fresh funding is coming down the pipeline to help combat cyber threats, with Biden’s infrastructure bill delivering $1 billion to state, local, tribal and territorial governments’ cybersecurity efforts, as well as furnishing Inglis’ new office with $21 million.
The pending Build Back Better Act also would empower CISA with more money, including with $80 million for CISA and the Federal Emergency Management Agency (FEMA) to direct to boosting state, local, territorial and tribal governments’ cybersecurity training and recruitment.
CYBER RESOURCES: FREE, BUT UNNOTICED?
Even just one employee making a small mistake, such as using a too-simple password, can be enough for hackers to gain access to the enterprise, the committee memo noted. And to fend off ransomware, it’s not enough for some individuals to adopt more cyber secure behaviors — entire organizations and communities need to get on board, too, Wales said.
But smaller organizations may not know what steps to prioritize or may lack the budgets and tools to tackle them.
Wales said there are plenty of free tools and services, including from the Multi-State Information Sharing and Analysis Center (MS-ISAC) and CISA. The latter offers supports that include an online catalog of known vulnerabilities that organizations are encouraged to prioritize patching and a stopransomware.gov website with guidance and resources, Wales said.
…….
Source: https://www.govtech.com/security/federal-cybersecurity-leaders-testify-on-state-of-ransomware