Saturday, January 2, 2021

NDAA Will Increase Government Cybersecurity

The National Defense Authorization Act (NDAA), will give the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) the Power to issue Administrative Subpoenas to Internet Service Providers (ISPs) when it can’t Determine the Owner of Critical Infrastructure with Security Vulnerabilities.

The Bill allows the CISA to Hunt for Threats in Federal Networks, and it implements several Recommendations from the Cyberspace Solarium Commission, a Bipartisan Panel established by Congress in 2019.

The Provision allowing the CISA to engage in Threat-Hunting Activities is needed, added Jason Meller, CEO and Founder of Cybersecurity Vendor Kolide. The cybersecurity Provisions in the Act “untie the hands of our incredibly talented cyberdefense personnel in the DOD and CIA so they can actually Defend the United States competently from bad actors at home and abroad,” he said.

Congress needs to send “a clear message to our adversaries that one individual will not impact our readiness” to Defend Government Networks, Meller added.

The Subpoena Power Provision will allow the CISA to track down Vulnerabilities more Quickly by Identifying Vulnerable Systems Owners, added Joshua Crumbaugh, Chief Hacker and CEO at Cybersecurity Firms PhishFirewall and PeopleSec. “These provisions are incredibly important in protecting against attacks. The subpoena ability is key to protecting critical infrastructure since many of these networks lack adequate protection since a great deal of critical infrastructure is made up of small organizations.” he said.

Action to Address Cybersecurity shortcomings at a National Level is “long overdue,” added Saryu Nayyar, CEO at Cybersecurity Vendor Gurucul. The Defense Bill goes “some way” toward Addressing Cybersecurity Problems, she said.

In addition to the Bill, Congress can take several more steps to Protect Government IT Systems, she added. “Congress can best protect government IT systems by empowering the dedicated cybersecurity professionals tasked with defending vital IT systems with the authorization and tools to do their jobs,” she said. “Cybersecurity is not a partisan effort. It takes knowledge, skill, and tools to execute.”

However, it also takes Authorization and Adequate Budgets to “bring cybersecurity to a level where IT infrastructure can thwart attacks by state, state-sponsored, and criminal organizations,” Nayyar said.

NYC Wins When Everyone Can Vote! Michael H. Drucker

No comments: