Two Contrasting Visions of Cyberspace
“We are competing between two visions, one from countries like Russia, China and Iran, who want to limit access and maximize control, and another from the United States and our allies, who want to build and protect a free, open and secure internet,” Mayorkas continued.
He laid out the starkly contrasting approaches to internet governance, saying the United States must ultimately confront some critical questions. “Who will build, own, control and operate the underlying infrastructure of the internet, extending from undersea cables to data centers? Who will shape the future of data routing? How will we protect both privacy and security, online and offline? How will we better protect ourselves against continuously growing and quickly evolving cyberthreats?”
Every day, the Department of Homeland Security tackles these issues, which are not limited to the great game that exists between democratic and authoritarian governments, as they also include the relationship between government and private sector entities,” he said.
DHS Is Collaborating with Other Agencies to Provide Protection
While some IT leaders call for an independent federal body to oversee cybersecurity, Mayorkas detailed some of the agencies already carrying out that work. “Take the U.S. Secret Service, which is part of our department, and responsible not only for protecting the president, but also actively fighting ransomware and a range of other cyber-enabled crimes,” he said.
“We’re looking at TSA, that’s known for protecting airport security, as so many of us know, that maintains regulatory authority over pipelines, which we leveraged following the Colonial Pipeline ransomware attack, to take urgent and critical measures to better protect against immediate cyberthreats.
Mayorkas also highlighted the work of the Coast Guard, which he said “saves thousands of lives at sea, every year, and also protects the maritime transportation system against cyberthreats.”
Finally, he pointed to DHS’ Cybersecurity and Infrastructure Security Agency, which he called “the federal government's quarterback on cybersecurity. CISA reinforces our cyber resilience and equips critical infrastructure owners and operators, cities and states, businesses and organizations of all sizes, and even hospitals and schools with the tools to defend against cyberattacks.”
WATCH: Learn more about ransomware and the challenge of defending against it.
DHS to Confront Open-Ended Questions on Cybersecurity
Mayorkas acknowledged that DHS has many unresolved but important questions to contend with, saying, “We invite a fierce debate. Take, for example, data routing. There are open-ended questions we simply cannot ignore, to protect data as it travels around the world:
- “Should the United States government take a more proactive role in shaping data flows, or do we leave that responsibility to the private sector?
- “How can we ensure that American technology enterprises remain at the heart of the internet's infrastructure across every layer, from the edge to the center, as we move forward?
- “How will we set the rules, how will we balance the United States’ and our allies’ priorities to create more openness and connectivity and freedom, while autocratic regimes like Russia and China are laying claim to greater control with less transparency or accountability?
“The fact is, the strength of our democracy, the promotion of a free and open internet, the fairness of our economies and the security of our communities is a shared responsibility that is more timely and relevant than ever before.”
Easterly Calls for Collaboration to Thwart Cybercrime
Mayorkas’s speech followed an earlier address by Jen Easterly, the new director of CISA. In her keynote, Easterly called for cooperation between the government and private sector to combat cyberthreats.
“The world is incredibly digitized, and the volume, variety and velocity of data is ever expanding. And we know that’s a good thing,” she said. “It’s brought us together as humans. It’s helped us solve problems. We’ve improved our quality of life. But as we’ve attached more platforms and devices on the internet, we have increased the attack surface, as we all know, and we’ve increased the vulnerabilities.”
“So now, there’s a cyberattack roughly every 40 seconds. One in 10 of those 1.8 billion websites leads you to malware. Cybercrime damages are in the trillions of dollars. And, as we all know, ransomware has become a scourge affecting all Americans across society, with attacks against schools and hospitals and municipalities and pipelines and meatpacking and all manner of software.”
Easterly said CISA cannot accomplish its cybersecurity goals on its own “because over 80 percent of critical infrastructure is in private hands. So, it has to be an effort where we come together and collectively leverage our imagination and our collaboration to help secure our cyber ecosystem.”
Easterly announced that one of her priorities for CISA is “to ensure that we are maximizing this power to cultivate and strengthen the incredible partnerships that we have, in particular with industry, with academia, with researchers, with the hacker community, to ensure that we are leveraging the best and brightest of this community for the collective defense of the nation.”
To keep up with our coverage of Black Hat 2021, bookmark this page, follow us on Twitter at @BizTechMagazine or the official conference Twitter account, @BlackHatEvents.