The recent Colonial Pipeline hack has made more people aware of the threats that lurk in cyberspace, and Sen. Angus King, I-Maine, says it’s time for the government to develop a new relationship with the private sector on cybersecurity and take an all-of-society approach to protecting critical infrastructure.
“The private sector has been very reluctant about mandatory reporting but, you know, those days are gone by, we just have to get to a place where there’s a cooperative relationship to protect the country,” Sen. King said today during NextGov’s Cyber Defense virtual event.
“Over the past half dozen years or so, there was a mandatory reporting bill – back I think seven or eight years ago – … it was heavily lobbied against by the business community,” King would go on to say. “I don’t think we’re going to see that this time. I think there will be pockets of, you know, ‘we don’t want the government messing around,’ but I think people are starting to realize that this is too big for an individual company to deal with, and that the government has assets and resources that we can really help.”
King said that he was encouraged by the steps that have been taken by the Federal government to defend against cyber threats, including the executive order that President Biden signed to bolster cybersecurity in the wake of the Colonial Pipeline hack.
“It hasn’t reached the level of presidential attention that I think it deserves so the fact that the president acted is a big deal,” said King. “And the fact that he imposed sanctions on Russia for the SolarWinds attack is a big deal, because one of the things we haven’t done is made our adversaries pay a price for their cyber intrusions.”
Going forward, King said that it will take a large-scale effort to truly curb cyber intrusions by foreign adversaries, saying that just one person in a company can click on a bad email and open up a vulnerability. In addition, he said he’d like to see more international norms when dealing with cyber criminals.
“Tolerating a criminal activity within your borders should be a punishable offense,” he said. “[The National Security Agency] does have the capability and the authority, I believe, to go after a criminal enterprise in another country, with cyber tools, just as they did with the Russians in the 2018 and 2020 elections, to the extent they can disrupt those networks … And that may be part of the answer as well, but as the cleverness of our adversaries in covering their tracks and obscuring who’s behind things – attribution is a big problem – but that’s again where international norms I think might help.”