Aug 11 2021

Black Hat 2021: What Is the Federal Government’s Role in Cybersecurity?

The final day of this year’s hybrid event featured a pair of keynote addresses from CISA Director Jen Easterly and DHS Secretary Alejandro Mayorkas.

During a conference focused on the ever-present cyberthreats swirling in the world around us, one question was pervasive throughout and found its way to the center of two keynote sessions on the closing day of Black Hat 2021: Where does the federal government fit in?

Ransomware attacks have become more plentiful and more costly since the start of the pandemic. According to research conducted by Cybersecurity Ventures, by the end of 2021, a business will experience a ransomware attack every 11 seconds, and global ransomware damage costs will reach $20 billion.

Since some ransomware victims choose not to report their payouts, fearing the consequences of acknowledging shortcomings in their security, it’s difficult to accurately assess total damages. But Cybersecurity Ventures predicts that within the next 10 years, attacks will take place every two seconds, and costs will skyrocket to $265 billion annually.

The Changing Landscape of Cybersecurity

In the keynote speech that concluded Black Hat 2021, DHS Secretary Alejandro Mayorkas acknowledged the many ways cybersecurity is shifting. “A lot has changed in the last six years, as it relates to the cybersecurity landscape. We've shifted from news headlines about data breaches and espionage to ransomware attacks disrupting hospitals, schools, food suppliers and pipelines — the assaults on companies like Colonial Pipeline and JBS foods — not to mention interference in our elections.”

In noting these changes, Mayorkas highlighted the need to “enforce the importance of cybersecurity, of how we govern the internet, and of why we need a free cyberspace.”

“We are competing for territory we cannot see. We are competing for the future of cyberspace, one in which friends gather, colleagues communicate, businesses sell, consumers buy, dissidents organize, horrific crimes occur, governments hear from their citizens and information is widely and quickly disseminated,” he said.

Two Contrasting Visions of Cyberspace

“We are competing between two visions, one from countries like Russia, China and Iran, who want to limit access and maximize control, and another from the United States and our allies, who want to build and protect a free, open and secure internet,” Mayorkas continued.

He laid out the starkly contrasting approaches to internet governance, saying the United States must ultimately confront some critical questions. “Who will build, own, control and operate the underlying infrastructure of the internet, extending from undersea cables to data centers? Who will shape the future of data routing? How will we protect both privacy and security, online and offline? How will we better protect ourselves against continuously growing and quickly evolving cyberthreats?”

Every day, the Department of Homeland Security tackles these issues, which are not limited to the great game that exists between democratic and authoritarian governments, as they also include the relationship between government and private sector entities,” he said.

DHS Is Collaborating with Other Agencies to Provide Protection

While some IT leaders call for an independent federal body to oversee cybersecurity, Mayorkas detailed some of the agencies already carrying out that work. “Take the U.S. Secret Service, which is part of our department, and responsible not only for protecting the president, but also actively fighting ransomware and a range of other cyber-enabled crimes,” he said.

“We’re looking at TSA, that’s known for protecting airport security, as so many of us know, that maintains regulatory authority over pipelines, which we leveraged following the Colonial Pipeline ransomware attack, to take urgent and critical measures to better protect against immediate cyberthreats.

Mayorkas also highlighted the work of the Coast Guard, which he said “saves thousands of lives at sea, every year, and also protects the maritime transportation system against cyberthreats.”

Finally, he pointed to DHS’ Cybersecurity and Infrastructure Security Agency, which he called “the federal government's quarterback on cybersecurity. CISA reinforces our cyber resilience and equips critical infrastructure owners and operators, cities and states, businesses and organizations of all sizes, and even hospitals and schools with the tools to defend against cyberattacks.”

WATCH: Learn more about ransomware and the challenge of defending against it. 

DHS to Confront Open-Ended Questions on Cybersecurity

Mayorkas acknowledged that DHS has many unresolved but important questions to contend with, saying, “We invite a fierce debate. Take, for example, data routing. There are open-ended questions we simply cannot ignore, to protect data as it travels around the world:

  • “Should the United States government take a more proactive role in shaping data flows, or do we leave that responsibility to the private sector?
  • “How can we ensure that American technology enterprises remain at the heart of the internet's infrastructure across every layer, from the edge to the center, as we move forward?
  • “How will we set the rules, how will we balance the United States’ and our allies’ priorities to create more openness and connectivity and freedom, while autocratic regimes like Russia and China are laying claim to greater control with less transparency or accountability?

“The fact is, the strength of our democracy, the promotion of a free and open internet, the fairness of our economies and the security of our communities is a shared responsibility that is more timely and relevant than ever before.”

Easterly Calls for Collaboration to Thwart Cybercrime

Mayorkas’s speech followed an earlier address by Jen Easterly, the new director of CISA. In her keynote, Easterly called for cooperation between the government and private sector to combat cyberthreats.

“The world is incredibly digitized, and the volume, variety and velocity of data is ever expanding. And we know that’s a good thing,” she said. “It’s brought us together as humans. It’s helped us solve problems. We’ve improved our quality of life. But as we’ve attached more platforms and devices on the internet, we have increased the attack surface, as we all know, and we’ve increased the vulnerabilities.”

“So now, there’s a cyberattack roughly every 40 seconds. One in 10 of those 1.8 billion websites leads you to malware. Cybercrime damages are in the trillions of dollars. And, as we all know, ransomware has become a scourge affecting all Americans across society, with attacks against schools and hospitals and municipalities and pipelines and meatpacking and all manner of software.”

Easterly said CISA cannot accomplish its cybersecurity goals on its own “because over 80 percent of critical infrastructure is in private hands. So, it has to be an effort where we come together and collectively leverage our imagination and our collaboration to help secure our cyber ecosystem.”

Easterly announced that one of her priorities for CISA is “to ensure that we are maximizing this power to cultivate and strengthen the incredible partnerships that we have, in particular with industry, with academia, with researchers, with the hacker community, to ensure that we are leveraging the best and brightest of this community for the collective defense of the nation.”

To keep up with our coverage of Black Hat 2021, bookmark this page, follow us on Twitter at @BizTechMagazine or the official conference Twitter account, @BlackHatEvents.

Getty Images/ gorodenkoff