This article was originally published on nasdaq.com.
On Tuesday, March 1, President Biden issued his first official State of the Union address. Chief among his remarks was a focus on enhancing resilience plans in the U.S. — specifically, rebuilding and securing critical infrastructure in the United States, investing in American manufacturing and emerging technologies, and financing more semiconductor and automotive initiatives.
With an increased focus on upping production, manufacturing and distribution in the U.S., cybersecurity needs to be a national priority — more than ever before. If 2021 taught us anything, it’s that ransomware and cyberattacks can have devastating global economic implications. Industrial organizations and critical infrastructure, vital to the stability of our national economy, can’t afford to be caught in ransomware’s cross hairs.
2021 was a bumpy road
Think back to the ransomware attack on Colonial Pipeline in May 2021. It’s hard to believe that a single breach took down one of the largest fuel pipelines in the U.S., leading to a surge in oil prices and fuel shortages that plagued Americans across the East Coast for weeks. Shortly after, JBS USA, the world's largest meat supplier, had to shut down all its U.S. beef operations in the wake of another cyber incident.
Unfortunately, we have to expect our critical infrastructure to be a top target for cyber and foreign adversaries going forward. We should anticipate and plan for many of these attacks to be successful in achieving their desired outcomes, whether stealing data, harming our economy or shutting down critical infrastructure.
It’s clear that today breaches are inevitable and cyberattacks are the new norm. A sole focus on detection to keep the bad actors out is no longer enough. We need to look within to bolster our resilience — and to ensure that a successful breach cannot result in a widespread outage or infrastructure failure.
Cultivating resilience in the midst of chaos
The best way for our nation to deal with the ransomware scourge and significant increase in cyberattacks is to focus on bolstering resilience in cyberspace. Although remiss from President Biden’s State of the Union address, the federal government continues to demonstrate that cybersecurity is the cornerstone of our national resilience strategy at large.
President Biden’s emphasis on cybersecurity began with the Administration's "Executive Order on Improving the Nation’s Cybersecurity," signed in May 2021. Then, in January 2022, the Office of Management and Budget (OMB) unveiled a Zero Trust Mandate, which put in place a Federal Zero Trust architecture (ZTA) strategy requiring agencies to "meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns."
Most recently, the Senate passed a major piece of cybersecurity legislation, which would require “critical infrastructure owners and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours if they experience a substantial cyberattack."
In short, recent federal momentum highlights that cybersecurity is top of mind, not just among the federal government, but across the entirety of the public and private sectors.
Cyber resilience will prove foundational in helping us navigate a safe and secure future in an increasingly risky cyber landscape. As our world continues to become more digital and critical infrastructure grows increasingly interconnected, one miss or oversight in any given area can lead to devastating consequences. To ensure American stability, cybersecurity must be a top priority.
The federal government’s continued emphasis on cyber as a national imperative is a step in the right direction. Although it may take time for us to reach national resilience, it’s important to remember that decisive action is a win and any action beats entropy. All too often what business leaders resort to in the face of uncertainty and adversity is doing nothing, but our enemies and attackers never stop, and it’s our mandate to push forward during this critical time. Right now, the best way to bolster national cyber resilience is to act. Federal agencies should shore up their mission-critical assets accordingly: back up data, practice incident response plans, and segment networks.
As cybersecurity becomes a more critical part of the world we’re living in, we must build it into our resiliency strategy from the very beginning. And most importantly, we need to act on those plans quickly and efficiently; bad actors aren’t going to wait for us to get our national security in order, they’re going to take advantage of any delay and it’s our job to stay one (or more!) steps ahead of them.