- The government and the private sector must work together to combat cyber threats to business, writes Christopher Roberti of the U.S. Chamber of Commerce.
Not a week goes by without the announcement of a new cyberattack directly impacting the safety and well-being of American businesses and citizens.
Whether espionage-focused, disruption minded, or high-tech ransomware, these attacks affect all Americans. And here is the scary part: we only hear about a small portion of the attacks that occur against employers, nonprofits and local governments every day.
The recent cyberattacks against Colonial Pipeline and the food processing company JBS underscore the significance of ransomware in particular – and cyber vulnerabilities more broadly. While both businesses resumed normal operations, the lines at gas stations a few weeks ago and concerns over whether there would be a shortage of meat finally have our government leaders saying, "Enough is enough."
We must turn that resolve into action.
The first step is acknowledging the reality of the situation. No entity — large or small, government or private sector — is immune to this threat. No company has a chance when fighting against nation-state actors alone, regardless of the resources it may devote to cybersecurity. Nor can the government fight these actors alone. It is often private sector networks that are attacked, and the private sector provides the innovation necessary to detect and defeat attacks.
That is why the U.S. Chamber of Commerce supports robust collaboration between the government and the private sector to enhance cyber defenses and strengthen deterrence, detection and remediation of ransomware and other cyber threats.
Private sector entities will benefit from early warning and intelligence from government partners to see threats over the horizon, which will allow them to shore up defenses in advance of an attack.
In turn, the U.S. and allied governments can benefit from increased transparency from the private sector when attacks materialize. The private sector and the U.S. government can achieve a more robust cyber defense posture through collaboration.
We also have to take the fight to our adversaries. The U.S. government has the responsibility – and international authority – to act decisively against cyber attackers, stop them from operating with impunity, hold them accountable, and deter them from future malign activities. Cybercriminals must be put on notice that attacks against our country and our economy will not be tolerated.
The government has recently taken some positive steps. President Joe Biden's executive order on improving the nation's cybersecurity provides a deliberate, comprehensive, and strategic approach to improve cybersecurity across federal networks and strengthen incident response. The process outlined by the executive order includes significant engagement with the private sector.
Secretary of Homeland Security Alejandro Mayorkas recently spoke at a Chamber event and identified countering ransomware as one of his department's top cybersecurity priorities.
The Department of Justice announced that it is elevating ransomware investigations to a similar priority as terrorism cases, and the FBI recovered a majority of the bitcoins used in the Colonial Pipeline ransom payment.
Finally, the White House offered guidance on steps companies can take and acknowledged the U.S. government's role in working with allied nations to disrupt and deter ransomware groups and imposing necessary consequences for those who attack American institutions.
The private sector must also step up. The Chamber recommends that businesses of all sizes take steps to improve their cyber defenses, develop an incident response plan, and build relationships with the law enforcement officials responsible for assisting when an attack occurs.
The attacks of the past few months – those we have heard about and those we have not – demonstrate just how much is at stake. There is much work to be done. It is time for the government and the private sector to do it together.
Christopher Roberti is the senior vice president for Cyber, Intelligence, and Supply Chain Security Policy at the U.S. Chamber of Commerce.