The Cybersecurity 202: Industry groups urge Congress to include cybersecurity funding in coronavirus relief package

“As we have seen in the recent SolarWinds compromise of both federal government and critical infrastructure companies, the need to invest in our nation’s ability to protect against, detect, respond to, and recover from these attacks is critical,” the Cybersecurity Coalition, the Better Identity Coalition, the Alliance for Digital Innovation, and the Computing Technology Industry Association wrote in a letter sent last week to congressional leaders.

The letter adds to a growing chorus of calls by cybersecurity experts and trade groups to support Biden’s proposal for increased cybersecurity funding as part of pandemic relief. The push follows a show of support for the funding earlier this month by CompTIA and other trade groups including BSA The Software Alliance, the Internet Association and the Chamber of Commerce.

Cybersecurity experts are warning about the increased security risks raised by a shift to virtual work and services since the beginning of the pandemic. Those concerns have gone largely unaddressed in previous relief packages. 

“[Biden’s proposal] makes it a lot easier for us to go up there, have conversations about why these pieces are necessary, rather than talking about cybersecurity funding as kind of a general idea,” says Ari Schwartz, coordinator for the Cybersecurity Coalition, one of the letter’s signatories. 

The group includes Google, Intel, Cisco and McAfee as some of its members.

Cybersecurity Coalition members as well as other groups that signed the letter have met with lawmakers on Capitol Hill and are planning follow-up meetings with leadership in the coming weeks, Schwartz says.

The coalition also is calling on Congress to look at cybersecurity funding for states.

“As states mobilize to provide support to health systems, to administer and track vaccinations, targeted state funding will help secure supply chains, reduce fraudulent behavior, and create resiliency in new systems that need to function consistently at the highest levels,” the groups wrote in the letter.

The letter also notes the growing trend of ransomware attacks against local governments as well as fears of attacks against critical infrastructure renewed by the recent hack of a Florida town’s water supply.  

Funding for cybersecurity could already be on thin ice.

Despite bipartisan support for improving resources for cybersecurity defenses, getting funding in the next package is already facing hurdles in the Senate. 

The Senate eliminated a provision granting $9 billion in funding for a fund that supports federal IT modernization pilots in its most recent round of negotiations, Rep. Gerald E. Connolly (D-Va.), chair of the House Government Operations subcommittee, said at an event organized by MeriTalk last week.

Connolly blamed the decision on a lack of understanding about the importance of the fund to coronavirus recovery.

“I can only describe it, not to malign intent, but to a lack of understanding of why these investments are so important,” he said. “I think it got dismissed as ‘Well, that’s tangential to the mission,’ … Without smart IT investments, your mission will not succeed.”

Schwartz also stressed the importance of IT investment in shoring up cybersecurity.

“We’re going to end up spending double or more with the next attack that comes from underinvestment,” he said.

Suspected North Korean hackers have allegedly targeted nine other health organizations in hopes of stealing information about coronavirus vaccines. South Korea says it has foiled attempts against companies in its borders.

Russia’s Sandworm hacking group targeted server software made by France’s Centreon from 2017 to 2020, France’s cybersecurity agency said. The company’s website lists clients including news agencies, government agencies and major firms, though it is unclear whether any were breached.

Researchers believe the hackers exploited Internet-facing machines rather than relying on a supply-chain vulnerability like hackers used in the attack on SolarWinds and other U.S. companies. 

Centreon told Wired it regularly updates its software. “We are not in a position to specify at this stage, a few minutes after the publication of the [National Cybersecurity Agency of France] document, whether the vulnerabilities pointed out by the [agency] have been the subject of one of these patches.” The company declined to comment beyond the advisory. 

The U.S. government has said Sandworm was responsible for a string of malware and hacking affecting Ukraine’s power grid, the 2017 French elections and the 2018 PyeongChang Olympics.

The attack on SolarWinds and other software was “the largest and most sophisticated attack the world has ever seen,” Brad Smith said on a recent episode of CBS’s “60 Minutes.”

“When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000,” Smith said, later noting that “almost certainly, these attacks are continuing.”

Smith did not elaborate on how he reached his estimate.

That estimate is staggering when compared with the number of engineers working on Windows, cybersecurity researcher Matt Tait notes:

The “60 Minutes” segment created buzz on Twitter:

Reuters reporter Christopher Bing praised it for its accessibility:

Cybersecurity researcher Stefan Soesanto:

It sparked criticism from Hoover Institute fellow Jacquelyn Schneider:

• Election Assistance Commission chairman Benjamin Hovland testifies at a House Appropriations Committee hearing on oversight of the commission today at 11 a.m.
• The Cyber Threat Alliance hosts a virtual event featuring former National Security Council cybersecurity coordinator Michael Daniel, Fortinet CEO Ken Xie, Palo Alto Networks vice chairman Mark McLaughlin and Microsoft executive vice president Christopher Young on Wednesday at noon.

Dave breaks down what you missed this Valentine’s Day weekend: