Over the past year, many high-profile ransomware attacks have refocused attention on cybersecurity and on where federal agencies need to invest. In addition to guidance from CISA and the Executive Office of the President, members of Congress like Senator Gary Peters (D-MI) are working on solutions that will enable agencies not only to manage today’s threats but also to bolster security and mitigate future threats.
In response to the latest wave of cyberattacks that have targeted the supply chain, Sen. Peters authored the Supply Chain Security Training Act, which directed the General Services Administration (GSA), in coordination with the Department of Homeland Security (DHS), Department of Defense (DOD), and the Office of Management and Budget (OMB), to create a supply chain security training program for federal workers who are responsible for purchasing services and equipment, so that they can identify risks to federal agencies.
Recently, Sen. Peters and Sudhakar Ramakrishna, CEO of SolarWinds, joined Washington Post Live to discuss the cybersecurity challenges agencies are facing today and what future threats may arise. Sen. Peters, an advocate for improved cyber defenses, commented that “it’s a possibility that we ban [ransomware payments], I’m not closing the door on that. But I think right now [we need to] be focused on working with companies to understand there are alternatives to paying a ransom.” For Peters, if an agency were to suffer a ransomware attack, the focus should be on reporting the initial compromise and working quickly to remediate, while avoiding paying the ransom.
Ramakrishna commented that “instead of being anxious and fearful, we need to be conscious and urgent in our actions…consciousness and urgency are more critical to make us secure and safe than fear-based tactics because that causes you to do a lot of artificial things that may be unproductive.” Even after an attack occurs, an agency needs to overcome several residual difficulties, especially if it were to pay the ransom. Sen. Peters mentioned that “if a small business gets hit with a ransomware attack, nearly 60 percent are out of business in a year to a year and a half.” Even if an agency can’t go “out of business,” the disruption undermines public trust and has the potential to compromise the mission. Therefore, being proactive about security measures can help save an agency from the disruption caused by an attack.
With supply chain attacks continuing to be a significant threat to the federal government, agencies will need to focus on the integrity of their supply chains. “[The focus needs to be on] collaboration amongst the ecosystem,” concluded Ramakrishna. “[We must be able to] share knowledge, best practices, threats, [and] threat intelligence freely so that we are able to securely deliver solutions to our customers and keep their environments safe as well.”