
At a confirmation hearing before the Senate Homeland Security and Governmental Affairs Committee, Jen Easterly – nominee for Director of CISA – and Chris Inglis – nominee for National Cyber Director – described ransomware as an urgent national security threat and promised to work with critical infrastructure companies to improve their defenses.

Easterly said that “voluntary standards are probably not getting the job done” in terms of cybersecurity at critical infrastructure firms. Inglis likened the situation to the aviation and automotive industries, in which self-interest and market forces were ineffective, so the federal government regulated or mandated safety standards.

Easterly spoke supportively about working with Congress on reforming FISMA, “to ensure that accountability is rightly structured” for federal agencies.

Inglis said he would be an “advocate and connector” of various cyber capabilities in the public and private sectors, to “systematically attack” the components that make ransomware possible. Regarding companies that pay ransoms, he would seek to hold them accountable for being in a position that made payment necessary, rather than for the payment itself.

In response to questions about who would be in charge during a crisis, Inglis said his new role would be to “create coherence, unity of effort [and] unity of purpose across what are already impressive deep and sharp capabilities within the federal enterprise.” Easterly likened her position to that of a quarterback, with Inglis as head coach.

Also testifying, GSA administrator-designate Robin Carnahan said the pandemic highlighted the “importance and the fragility of our nation’s digital infrastructure,” and resolved to invest in IT modernization projects that improve public-facing services. She also committed to “strengthening the supply chain to ensure that it’s complying with Section 889” requirements to remove certain Chinese technology from federal government systems.
