Connect with us

Cybersecurity

Government Should Incentivize Information Sharing for Ransomware Attacks, Experts Say

‘Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent.’

Published

on

Screenshot of Trent Teyema of GeoTech Center

WASHINGTON, July 27, 2022 – The federal government should incentivize the reporting of cyberattacks through safe harbor and shield laws, said experts at an Atlantic Council event Tuesday, as a recent law requiring companies in critical infrastructure sectors to report such attacks to the federal government is limited and currently unclear on who exactly it impacts.

The Cyber Incident Reporting for Critical Infrastructure Act passed in March does not cover private companies who do not operate in the critical infrastructure sectors and does not include safe harbor and shield laws that would encourage private companies to engage in the process.

Oftentimes, companies will avoid interacting with law enforcement to avoid the stigma associated with being a victim of a cyberattack and out of fear of being held liable by regulators and investors, said Trent Teyema, senior fellow at technology policy university collaborative GeoTech Center.

Teyema called for a safe harbor framework, a law that provides protection against legal liability when other conditions are met. Such a provision would decrease the risk of companies being held liable for cyberattacks from regulators, investors, and the public.

He also called for shield laws that would protect against revealing certain information to the government as a requirement for receiving law enforcement assistance.

The government needs to make it easy for the private sector to share information with law enforcement, said Teyema.

“Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent,” read a report written by Teyema and David Bray, fellow at GeoTech Center. Information sharing across sectors allows cybersecurity experts in both sectors to learn about new vulnerabilities in software and new attack vectors. It strengthens collective resiliency and can influence the processes used to anticipate and respond to threats, continued the report.

Ransomware on the rise

Ransomware attacks in which bad actors demand money to release encrypted data are increasing dramatically, reported the White House last year. Ransomware incidents often disrupt critical services, such as banks, hospitals and schools that require constant access to data. In 2021, there was approximately $20 billion in damages from ransomware attacks in the United States, with $11 billion in 2020 and $5 billion the year before, said Bray.

This follows on the heels of the 2021 Colonial Pipeline hack that targeted the billing system and led to the shutdown of the largest fuel pipeline in the United States. The Russian-speaking cybercrime group responsible, DarkSide, received $4.4 million in ransom from Colonial, part of which was later recovered by the United States law enforcement.

Research firm Cybersecurity Ventures predicts that there will be a ransomware attack every two seconds by the year 2031 with global costs exceeding $265 billion.

Contributing Reporter Teralyn Whipple, who joined Broadband Breakfast in 2022, studied marketing at Brigham Young University. She has reported extensively on broadband infrastructure, investments and deployment. She has also headed marketing campaigns for several small companies.

Continue Reading
Click to comment

Leave a Reply

Cybersecurity

Cybersecurity Requirements in BEAD Could Shape Internet Security Regulation More Widely

The Broadband Equity, Access and Deployment program requires ISPs and states to submit comprehensive cybersecurity plans.

Published

on

WASHINGTON, November 2, 2023 – How states implement cybersecurity rules in the $42.5 billion Broadband Equity, Access and Deployment program could shape internet security regulations more widely, experts said during a virtual panel Wednesday.

The BEAD program, which will provide federal grants to states to disperse for broadband projects, requires providers to submit comprehensive cybersecurity plans based on standards from the National Institute of Standards and Technology. Panelists said flexibility in the plans allows customization but also establishes baseline expectations as critical infrastructure relies more on connected technology.

“I think the way that states and entities interpret these BEAD cybersecurity and supply chain requirements is really going to have a ripple effect across the whole community,” said Savannah Schaefer, an attorney of Wilkinson Barker Knauer, who advises clients on cybersecurity.

Federal Communications Commission rules are beginning to include similar mandates, meaning how states implement BEAD’s requirements could influence cybersecurity regulations more broadly, Schaefer said.

Melissa Newman, vice president of government Affairs at the Telecommunications Industry Association, said BEAD’s cybersecurity stipulations cite lengthy federal guidance documents providers must wade through. Her trade group developed a checklist to help companies understand the rules.

“You cannot be confident in the security of your networks and products without consideration of both cyber and supply chain security,” said Newman, TIA’s vice president of government affairs.

Supply chain management, knowing who provides equipment and software, is critical because cybersecurity threats can be embedded throughout a product’s lifecycle, she said.

Evan Rice, senior vice president of Guide Star, a division of CCI Systems, said providers should start by documenting current cyber practices, identifying gaps and making plans to address them. Cybersecurity must be incorporated holistically, from network construction to long-term operation, he said.

“Everyone understands that piece. The cybersecurity is the same. Once you build it, you have to operate it,” said Rice. Schaefer encouraged viewing BEAD as part of an ongoing process of shaping cybersecurity requirements.

Our Broadband Breakfast Live Online events take place on Wednesday at 12 Noon ET. Watch the event on Broadband Breakfast, or REGISTER HERE to join the conversation.

Wednesday, November 1, 2023 – Cybersecurity and BEAD

To qualify for funding under the Broadband Equity, Access and Deployment program, network operators must submit a comprehensive cybersecurity strategy in line with the National Institute of Standards and Technology’s cybersecurity framework. What impacts do these requirements have on broadband deployers, and what steps can they take to ensure compliance? How can operators strike the right balance between expanding their networks and safeguarding them against cyber threats?

Panelists

  • Evan Rice, Senior Vice President, Guide Star
  • Savannah Schaefer, Wilkinson Barker Knauer LLP
  • Melissa Newman, Vice President of Government Affairs, Telecommunications Industry Association
  • Drew Clark (moderator), Editor and Publisher, Broadband Breakfast

Evan Rice is an experienced IT executive with a focus on cyber security and operational excellence. Evan currently serves as the Senior Vice President of Guide Star, a division of CCI Systems. Evan has been with CCI Systems since 2012, starting as a Data Services Professional then moving to the Vice President of Information Technology role prior to his current position at Guide Star.

As an Associate at Wilkinson Barker Knauer LLP, Savannah Schaefer advises clients on a range of issues pertaining to cybersecurity, supply chain risk management, and emerging technology. Prior to joining the firm, Savannah represented companies in the information and communications technology sector at two trade associations where she led development and advocacy of the associations’ cybersecurity and supply chain legal and policy positions. She has also served in leadership roles in the IT and Communications Sector Coordinating Councils and on the Department of Homeland Security’s ICT Supply Chain Risk Management Task Force.

Melissa Newman has over 25 years’ experience in government affairs for the telecommunications sector.  Prior to Melissa joining TIA as Vice President of Government Affairs, she worked at Transit Wireless heading the Legal and External Affairs departments; Wilkinson Barker Knauer, a premier telecommunications law firm in Washington, DC; CenturyLink (now Lumen) as Vice President, Federal Policy and Regulatory Affairs; and as Deputy Division Chief of the Policy Division in the Common Carrier Bureau of the FCC.

Breakfast Media LLC CEO Drew Clark has led the Broadband Breakfast community since 2008. An early proponent of better broadband, better lives, he initially founded the Broadband Census crowdsourcing campaign for broadband data. As Editor and Publisher, Clark presides over the leading media company advocating for higher-capacity internet everywhere through topical, timely and intelligent coverage. Clark also served as head of the Partnership for a Connected Illinois, a state broadband initiative.

WATCH HERE, or on YouTubeTwitter and Facebook.

As with all Broadband Breakfast Live Online events, the FREE webcasts will take place at 12 Noon ET on Wednesday.

SUBSCRIBE to the Broadband Breakfast YouTube channel. That way, you will be notified when events go live. Watch on YouTubeTwitter and Facebook.

See a complete list of upcoming and past Broadband Breakfast Live Online events.

Continue Reading

Cybersecurity

White Houses Asks Congress to Fill Rip and Replace Funding Gap

The $3 billion shortfall was first flagged by the FCC in July 2022.

Published

on

Photo of Joe Biden and Jill Biden in 2019 by Gage Skidmore.

WASHINGTON, October 26, 2023 – The Joe Biden administration is asking Congress to fill the $3 billion gap in the Federal Communications Commission’s rip and replace program, among other domestic needs.

The ask came Wednesday as part of a $55.9 billion request for domestic aid, including disaster relief and child care subsidies. Also in the White House’s request was $6 billion to continue the Affordable Connectivity Program, the monthly internet subsidy that’s set to dry up in April 2024 without additional funding.

In 2020, Congress required broadband providers to replace equipment from some Chinese companies, including Huawei and ZTE, citing concerns that it could be used for espionage. The effort was funded with $1.9 billion to reimburse companies for the cost of switching out gear.

But in July 2022 the FCC, which oversees the program, said broadband providers would need $4.98 billion to get the work done. There have since been repeated calls from lawmakers and industry to shore up the fund. Bills have been introduced in both the House and Senate to fill the $3 billion gap, but they have yet to be passed.

The deadline for approved companies to request reimbursement for rip and replace work passed on July 15. By default, companies have one year from the approval of that request to remove the Chinese equipment, but the commission has been granting deadline extensions as providers complain of funding troubles.

House Republicans managed to elect a speaker on the same day as the funding request, ending weeks of deadlock.

Continue Reading

Cybersecurity

Lawmakers Should Incentivize Cybersecurity in Private Sector: Cisco Executive

One weak link can threaten the entire system.

Published

on

Photo of Jeetu Patel of CISCO

WASHINGTON, May 25, 2023 – A Cisco executive urged Congress at a Semafor event Thursday to provide more incentives for companies to ensure their cybersecurity posture is up to date. 

While Jeetu Patel, general manager of security at the information technology giant, didn’t specify what types of incentives can be used, he said the incentives must push private infrastructure to have high security standards. 

Both private and public sectors have a part to play in improving the nation’s security, he noted, adding private companies must build products that are secure by design. 

There is “tremendous” need for cross-nation coordination around cyberattacks, said Patel. He urged lawmakers to democratize cybersecurity by simplifying the process, adding the nation must be united to gain traction against attackers.

The cybersecurity industry has not made conversations simple to follow or technology easy to use, he said. Simplifying cybersecurity is the only way we can democratize it and when it’s democratized, it can be made universal, said Patel. 

He warned that the country cannot let the financial constraints of a few companies put the whole system at risk. Regardless of how affluent a country is, the weakest link controls the strength of the chain, he said. 

Artificial Intelligence will change cybersecurity fundamentally, he noted. It is important to remember that AI tools are also available to attackers. Currently, the majority of attacks stem from fraudulent emails which AI can make more personalized and difficult to discern from real communication, he said.  

Cybersecurity defenses must evolve

We need to develop an idea of civic responsibility for tech innovators and students in STEM fields, added Suzanne Spaulding, senior advisor of Homeland Security at the Center for Strategic and International Studies. Civic responsibility is the antidote to disinformation and is the change central to democracy, she continued.  

Spaulding warned companies against relying on existing cybersecurity measures. Resilience is about having layers of plans and assuming they all will fail, she said.  

This comes at a time of Congressional focus on cybersecurity. In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

In 2021, President Joe Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020.   

Continue Reading

Signup for Broadband Breakfast News



Broadband Breakfast Research Partner

Trending