The United States is doubling down on efforts to keep the nation’s electric grid, gas supply, banks and hospitals safe with a new cybersecurity strategy, developed in part by a University of Cincinnati scholar.
UC Political Science Professor and Chair of the Center for Cyber Strategy Richard Harknett played a key role in the new more aggressive US strategy. He was the initial scholar in residence at the US Cyber Command, a recognition, according to UC Center for Cyber Strategy colleague Gregory Winger, that the government needs engagement with academia.
“Richard Harknett is absolutely one of the key architects with the strategy,” says Winger.
Others include the State Department’s Emily Goldman and Michael Fischerkeller of the Institute for Defense Analysis.
What will the strategy do?
The government's new policy is proactive, including minimum cybersecurity requirements, making the private tech sector more accountable, prioritizing cybersecurity R&D and forging international partnerships.
Acting National Cyber Director Kemba Walden calls the 35-page document forward leaning and bold. Here she is talking about it before the strategy was released.
"We've been playing whack-a-mole for a long time," Walden says. "We've been allowing the adversary in a lot of ways to set our agenda and this is our opportunity now to get in front of the adversary."
Winger says the adversaries are state-based actors in China, Russia, North Korea and Iran, who use sophisticated ways to promote their own international agendas at the expense of the US and its allies.
Up until 2018, the US had what many would call a passive approach to cybersecurity, allowing the private sector to deal with various threats as it saw fit. The 2023 cybersecurity strategy is more aggressive because it needs to be, according to Winger.
“Usually when we think of national security we think about borders, we think about military. You establish a fort or wall and you’re safe. Cyber isn’t like that. It is a domain of constant contact with threats ever present and engagements can happen often anywhere, anyplace,” says Winger.
Government officials are increasingly worried about ransomware attacks on US soil. Two years ago, Russian-linked hackers temporarily forced the shutdown of Colonial Pipeline which affected the flow of gas to the East Coast.
It's no secret Russia has been launching cyberattacks against Ukraine. Now, citing information from Microsoft, Reuters reports Russian hackers appear to be preparing a renewed wave of cyber attacks, including a "ransomware-style" threat to organizations serving Ukraine's supply lines.
The US says there were gaps in its previous cybersecurity strategy and the new policy is trying to shore them up. It places some of the responsibility on the private tech sector.
Winger says, “Think about Microsoft, chip producers, (and) hardware companies ... have become lax over the years in terms of releasing and then patching software. One of the emphases of this strategy is actually making that process much more effective and much more secure.”
Some of the tech companies are pushing back and so are lawmakers. The publication Roll Call reports Chairman of the House Homeland Security Committee, Rep. Mark Green, and Chair of the Cybersecurity Subcommittee, Rep. Andrew Garbarino, are urging the administration to streamline existing regulations and favor partnerships rather than punishment in the implementation of the strategy.
The strategy doesn't mention ChatGPT. Microsoft is training it to detect cyber threats.