JBS meat processing facility will be visited on June 2, 2021 in Plainwell, Michigan.
Jeff Kowalsky | AFP | Getty Images
Not a week goes by without a new cyberattack being announced that has a direct impact on the safety and wellbeing of American businesses and citizens.
Whether espionage-focused, disruptive or high-tech ransomware, these attacks affect all Americans. And here’s the scary part: we only hear about a small fraction of the attacks that take place on a daily basis against employers, nonprofits, and local governments.
The latest cyberattacks against Colonial Pipeline and the food company JBS underline the importance of ransomware – and cyber vulnerabilities in the broader sense. While both companies have resumed normal operations, the queues at the petrol stations a few weeks ago and concerns about a meat shortage have finally made our heads of government say: “Enough is enough.”
We need to put that determination into action.
The first step is to acknowledge the reality of the situation. No company – big or small, government or private sector – is immune to this threat. In the sole fight against national actors, no company has a chance, regardless of the resources it spends on cybersecurity. The government cannot fight these actors on its own either. Private networks are often attacked, and the private sector provides the innovation needed to detect and counter attacks.
That’s why the U.S. Chamber of Commerce supports solid government-private sector collaboration to improve cyber defense and strengthen the deterrence, detection, and elimination of ransomware and other cyber threats.
Private sector companies will benefit from early warning and intelligence from government partners to identify threats on the horizon that will enable them to strengthen their defenses against an attack.
In return, the US and allied governments can benefit from increased private sector transparency when attacks occur. The private sector and the US government can work together to achieve a more robust stance on cyber defense.
We also have to take the fight to our opponents. The US government has a responsibility – and international authority – to take decisive action against cyber-attackers, to prevent them from acting with impunity, to hold them accountable and to deter future malicious activity. Cyber criminals must be made aware that attacks on our country and our economy will not be tolerated.
The government has taken some positive steps lately. President Joe Biden’s Executive Order to Enhance Cyber Security in the Country provides a conscious, comprehensive, and strategic approach to improving federal cybersecurity and increasing incident response. The process outlined in the implementing regulation involves significant collaboration with the private sector.
Homeland Security Minister Alejandro Mayorkas recently spoke at a chamber event and named the fight against ransomware one of the top priorities of his cybersecurity department.
The Justice Department announced that it is giving ransomware investigations similar priority to terrorism cases, and the FBI has recovered much of the bitcoins used in ransoming the Colonial Pipeline.
Finally, the White House offered guidance on the actions businesses can take and recognized the role of the U.S. government in working with allied nations to disrupt and deter ransomware groups and impose the necessary consequences on those who do attack American institutions.
The private sector must also become stronger. The Chamber recommends companies of all sizes to take steps to improve their cyber defenses, develop an incident response plan, and develop relationships with the law enforcement agencies responsible for assisting with an attack.
The attacks of the past few months – which we have heard of and which we have not heard of – show how much is at stake. There is much to do. It is time for the government and the private sector to do this together.
Christopher Roberti is Senior Vice President, Cyber, Intelligence, and Supply Chain Security Policy at the US Chamber of Commerce.
