If you have not read this already I highly recommend Alex Stamos’ opinion essay that appeared in the Washington Post on December 15th, 2020. Titled “Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks.”, Stamos writes about how poor our response is today and what the United States government should be doing to respond to the threats posed by future attacks.
As pointed out in the essay too often our corporate and government response to cyber attacks and incidents gets lost; buried by various players in our over litigious society. While in the recent SolarWinds incident has been attributed to the Russian nation state there are others that past incidents have been attributed to. The theme through all of these incidents is that while we hope to learn from them to avoid repeats in the future; we’re not learning.
Stamos is calling upon the incoming Biden administration to attack the problem space through the creation of a new government agency. That is a great start. But beyond that we citizens of the United States need to call upon our government to reform existing laws and create new that properly address the threat surface presented by the Internet that virtually everyone uses.
The U.S. Cybersecurity and Infrastructure Security Agency was a good start. The charter of the agency holds promise. It’s too bad that our current Administration saw fit to fire that agencies director, Chris Krebs. Hopefully the incoming Biden administration will remedy this by asking Krebs to return to lead the CISA.
I’ll say it again (and again and again). Our lawmakers have to get smarter about cyber and write new laws to police cyber space rather than relying on the application of 19th and 20th century laws.