While Nation-States Attack Us, DC Fiddles
Well, I am not sure that anyone in DC is actually fiddling, but they certainly are not doing much to solve the problem.
A panel of policymakers at the RSA Conference in San Francisco this week was very clear on the threat. Salt Typhoon, a China-backed threat group, is particularly scary, having demonstrated uncanny skill in breaching sensitive networks. In fact, panel moderator Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, said Salt Typhoon’s attacks represent the most egregious cyber espionage against the US ever, adding that it crossed a “red line.” However, to date, there has been no penalty imposed.
Panelist Rear Admiral Mark Montgomery said that when it comes to cyberattacks, we are left to rely on the NSA, which can’t operate on US soil, and CISA.
Unfortunately, CISA is in the throes of being damaged, possibly fatally.
CISA’s budget has been slashed under the new administration and DHS Secretary Noem was proud to say that she already cut $10 million from CISA’s $3 billion FY 2025 budget (or about one-third of one percent of CISA’s budget). CISA still does not have a director and reports are that the administration plans to fire about forty percent of the agency’s staff. Given all that, CISA is not really very effective at anything right now.
Secretary Noem says that they want to preserve CISA (even though many Republicans want to eliminate the agency in revenge for it saying there was no major voting fraud in the 2020 election).
The Admiral wants to stand up another branch of the DoD (like the Army, Navy and Air Force) to deal with cyber. Given the existing branches cannot staff the existing positions due to non-competitive pay and poor working conditions compared to the private sector, it is unclear how they might staff and manage – or pay for – an entire new DoD branch.
In the meantime, adversaries like North Korea and China are able to infiltrate critical infrastructure, including but not limited to the telecoms that the Chinese hacked, pretty much at will. The situation for private industry is even worse because the government is just trying to figure out how to deal with the government itself and, to a lesser extent, critical infrastructure. For DoD contractors, this is why CMMC is moving ahead (and DoD is trying to figure out how to speed it up): DoD understands that the federal government is not going to be much help to the hundreds of thousands of defense contractors.
Short term, it appears that help from DC is going to be even more limited than it was, and likely more haphazard. That means that if you run a business, you are going to have to be self-reliant and not count on much help from the federal government.
If you need assistance, please contact us.
Credit: Dark Reading