Defense against cyberattacks must begin now with a reformed, diverse effort, said Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, as he urged members of the U.S. House of Representatives Committee on Homeland Security on Thursday.
Cilluffo was among four witnesses to testify at the hearing “Securing the Homeland: Reforming the Department of Homeland Security to Meet Today’s Threats.” The hearing is a continued effort to advocate for HR 4357 – the DHS Reform Act – so it can better confront existing and emerging threats and challenges.
“The ecosystem has evolved such that in 2021, cyber is the system’s red blinking light — the most imminent threat facing the country,” Cilluffo testified. “Cyber is the area where we must now double down and work the hardest to enhance our capabilities – not at the expense of other missions and threats — but in addition to them.”
The Biden Administration’s budget includes $20 billion to upgrade the nation’s grid, but Cilluffo believes much more can be done to help prevent another attack from succeeding.
“Consider the events of the past six months,” he told committee members. “We have seen a rash of incidents from the SolarWinds and Microsoft Exchange hacks targeting the supply chain, and other significant ransomware attacks preceded by others striking U.S. pipelines and the food supply. Ransomware attacks are hitting at epic proportions, targeting entities from schools to businesses. No one is off limits.”
A major defense in the war on cyber terror is a well-structured, well-funded Department of Homeland Security, Cilluffo added.
“The department must be calibrated to adapt to the cyber initiative,” he said. “Reaching this bar requires people – a skilled and deep bench to meet the mission. Building and sustaining a high-caliber cyber workforce – and the size needed by the department – is truly an urgent priority. The most effective way to get there is proceed with a multi-pronged approach, including career training, recruitment and retention efforts, plus K-12 and post-secondary initiatives. We also must recruit a much more diverse cybersecurity workforce.”
Besides focusing efforts on developing a diverse, efficient, cyber defense workforce, Cilluffo noted the U.S. should “draw a line in the silicone” and challenged authorities to impose consequences to offenders for poor cyber behavior.
“We’re never going to firewall our way out of this problem alone,” he said. “For too long, China and Russia have been allowed to engage in cyber behavior that has damaged U.S. national and economic security without corresponding effects being visited upon the perpetrators. Until we use all instruments of statecraft to influence the decision calculus of our adversaries, bad behavior will go unchanged.
“Way too long guys have been getting away with murder. This is unacceptable. Are we going to follow through on some of our words and make sure they’re not empty?” he added.
