I’m sure everyone reading this blog knows that about 2 months ago, Colonial Pipeline was hit with a ransomware attack and paid $4.4 million dollars.

In our previous post, we noted that the new National Cyber Director’s office, which is charged with coordinating federal cyber policy, ought to begin that effort by evaluating and coordinating current cyber regulation. We pointed to studies (including government studies) that showed from 40 to 70 percent of federal cyber regulation – including those imposed on states and localities – is redundant and/or conflicting, thus wasting scarce cyber resources.

Last Thursday’s confirmation hearing for Chris Inglis and Jen Easterly renewed talk of the need for federal regulation over cybersecurity.

This post is a one in the “Rethink Cybersecurity” series. Additional posts in this series are available here Perhaps the most incisive part of Chris Inglis’

In their 2019 book The Fifth Domain, Richard Clarke and Bob Knake note that the U.S. has basically not changed its cybersecurity approach since the Clinton Administration.

On May 11, the chairs and ranking members of seven congressional committees that have jurisdiction over cybersecurity wrote a joint letter to National Security Advisor Jake Sullivan stressing that “cybersecurity is no longer just an ‘IT issue’ but instead an economic and national security challenge.”

By now anyone who is reading this sort of blog is aware that the ransomware epidemic is totally out of control. Colonial just paid $5 million in Bitcoin to get their data (and our gas) released. But this is by no means an isolated event. Ransomware attacks have been proliferating both in number and size of ransom for a while. Earlier in May, former CISA Director Chris Krebs told the House Cybersecurity Subcommittee that we are on the cusp of a world-wide ransomware pandemic fueled by greed.