Cyber Regulation Could Be Coming Following Spate of Hacks,
June 11, 2021
The United States may soon look to regulate private companies,
mandating higher standards for cybersecurity following a series
of damaging hacks and ransomware attacks against key firms and
U.S. President Joe Biden's nominees to fill two top cyber roles
in his administration warned Thursday that malign actors are
currently operating with impunity and that too many private
sector organizations have, so far, failed to take the necessary
"Enlightened self-interest, that's apparently not working,"
Chris Inglis, tapped to be the country's first national cyber
director, told members of the Senate Homeland Security and
Governmental Affairs Committee. "Market forces, that's
apparently not working."
"When they're conducting critical activities upon which the
nation's interests depend, it may well be we need to step in and
we need to regulate or mandate in the same way we've done that
for the aviation industry or the automobile industry," he added.
Jen Easterly, nominated to head up the Department of Homeland
Security's Cybersecurity and Infrastructure Security Agency,
"As a nation, we remain at great risk of a catastrophic
cyberattack," she said. "It seems to me that voluntary standards
are probably not getting the job done and that there is probably
some sort of role for making some of these standards mandatory,
to include notification."
The question of how best to take on a range of cyberthreats,
from state-sponsored hackers to ransomware networks, has been
thrust into the spotlight following a series of high-profile
attacks in recent months, starting with discovery of the hack of
SolarWinds, a Texas-based software management company, last
That breach, described by U.S. intelligence agencies as a
Russian espionage operation, exposed as many as 18,000
SolarWinds customers, allowing the Russian hackers to access
information at major U.S. agencies, including DHS.
More recently, ransomware networks forced JBS, the world's
largest meat supplier, to shut down operations in Australia and
And, earlier this week, the chief executive of Colonial
Pipeline, the largest fuel pipeline operator in the U.S., told
lawmakers in Washington he felt he had no choice but to pay
close to $5 million to the DarkSide Network following a
ransomware attack in May that caused fuel delivery disruptions
up and down the country's East Coast.
"We really are at a moment that requires an 'all-hands-on-deck'
approach," said Easterly, who until recently led
cyber-resilience efforts at U.S.-based financial giant Morgan
Stanley, following a stint at the National Security Agency (NSA).
The call for more regulation is not new; a bipartisan group of
lawmakers has been pushing for mandatory reporting requirements
for companies hit by major hacks, ransomware attacks and other
types of breaches.
"Congress needs to act," Mark Warner, the Democrat who chairs
the Senate Intelligence Committee, told Axios Thursday at a
virtual event, when asked about the recent attacks.
"The Biden administration has moved aggressively, but they can
only do a certain amount of things," Warner said. "We need to
put this mandatory reporting bill in place."
month, Biden signed an executive order that requires internet
service providers to share certain information about breaches
into their networks, mandates higher standards for software
development, and creates a playbook for how government agencies
should respond to a breach.
On Thursday, Inglis told lawmakers that the recent series of
high-profile hacks and ransomware attacks "signal the urgent
need to secure our national critical infrastructure" and that if
confirmed as national cyber director, he would work to
strengthen not just the technology but the people using the
technology, as well.
"What we need to do is make these systems defensible — they'll
never be secure," Inglis said. "We need to then defend them …
such that we can change the decision calculus of adversaries.
"Every one of us needs to learn how to cross the cyber street in
the same way we learned to cross a physical street when we were
young," he added.