Does Putin Have the Better Hackers (Part 6) U.S. Senate passed Strengthening American Cybersecurity Act
14. April 2022Does Putin Have the Better Hackers (Part 6)
U.S. Senate passed Strengthening American Cybersecurity Act
Washington, 4/13/2022
The U.S. Senate unanimously passed the Strengthening American Cybersecurity Act on March 1, 2022. The bill follows President Biden’s executive order on cybersecurity last year (E.O. 14028). The President signed the new law on March 15.
The big challenge: It imposes new reporting and modernization requirements on covered entities. In other words, transparency of attack operations becomes a critical priority, because the U.S. government expects affected organizations to know exactly what is going on in their IT systems. This means that advanced threats, including signature-based and fileless or in-memory polymorphic attacks, must be accurately detected and tracked. These now account for 94 percent of malware attacks that result in ransomware.
One thing is certain, however: meeting these new requirements will be a challenge for most organizations . According to ISACA’s State of Cybersecurity 2020 report, only 16 percent of organizations currently report cybercrime accurately. To make matters worse, companies rarely know how and when they were attacked. According to an IBM study, it typically takes about nine months for companies to even notice a security breach.
The bottom line is that there is a huge gap between the requirements of the new law and today’s operational reality. Therefore, all companies that are at risk of being affected must act quickly.
For now, the law applies to federal agencies and critical infrastructure operators. The Cybersecurity and Infrastructure Agency (CISA) will play an important role in its implementation. CISA Director Jen Easterly will establish a joint Ransomware Task Force to organize federal efforts.
The legislation targets organizations in 16 federally designated critical infrastructure sectors, including energy, finance, manufacturing and healthcare. The comprehensive bill provides $14 billion in emergency aid for Ukraine’s defense against Russia, with lawmakers frequently citing increasing cyber threats in that conflict.
Support is also provided for the defense, foreign, justice, finance, trade and other ministries. They will receive technological assistance and support to sustain government operations, including IT infrastructure and cybersecurity services.
