Internet Security Alliance’s Clinton makes case for providing cybersecurity funding in COVID relief package

February 16, 2021

Internet Security Alliance president Larry Clinton hopes to ensure cybersecurity funding is included in the COVID-19 relief measure about to begin moving in Congress, saying economic recovery from the pandemic is impossible “unless the core systems of the economy — which in the 21st century are cyber — also recover.”

“Just as to recover physically we will need to more closely adhere to basic health requirements, so too in order to fully recover economically we need to assure we secure our foundational economic systems, our cyber systems, are secured,” Clinton wrote in a Tuesday blog posting. “Hence, cybersecurity funding is not simply a convenient rider on a ‘must-pass’ bill. Cybersecurity is an endemic part of COVID recovery.”

Congressional Democrats are looking to move a $1.9 trillion COVID-19 relief measure through a budget procedure that wouldn’t require Republican votes in the Senate. That package contains about $9 billion for technology modernization and cybersecurity, including $690 million for the Cybersecurity and Infrastructure Security Agency’s efforts to secure federal networks.

A group of Senate Republicans has proposed a $600 billion package as a compromise, but that hasn’t gained any traction among Democrats. It remains to be seen whether Democrats and the Biden administration decide to press ahead with the full $1.9 trillion package or to negotiate with Republicans on scaling back the measure.

But Clinton argues that cyber funding shouldn’t be on the chopping block.

Clinton, in the latest in a series of blogs on cyber policy needs, said, “One of the most dramatic results of the pandemic was that it ushered in the largest alteration of how work was done in human history. Almost overnight an economy that was based on people ‘going to work’ shifted to one wherein an enormous percentage of work was done at home over cyber systems.”

He wrote, “Just as we are learning that COVID has subtle, and dangerous, impacts on a victim even after they have weathered the initial sickness, so too, we have discovered that while our cyber systems — amazingly — were able to sustain an enormous proportion of the economy even on an emergency and unplanned for circumstance — that there are subtle and dangerous after-effects.”

Clinton said cyber funding in the relief package needs to be “properly targeted,” and “Here again it may be helpful to think in broader terms.”

“It appears that the majority of the money in the bill is targeted for upgrades to federal systems. While it is clear that upgrading the systems is in many cases needed, it is also true that too often federal process has procured technology and not provided the adequate training to properly use the new tech,” Clinton said. “Moreover, while the proximate cause for including money for federal systems in the COVID bill is likely the recent SolarWinds attack which impacted multiple federal agencies, thinking of cybersecurity between the federal (nonmilitary) systems and the private sector as separate systems is faulty.”

Clinton concludes: “We need to realize that attackers are attacking both private and public systems and we, the defenders — not just the government — need a much closer alignment. This alignment needs to go well beyond the (largely ineffective) information sharing systems and creates a true partnership model. COVID relief cyber money ought to address the systemic issues not just the government tech upgrades. We need to rethink our approach.” 

Inside Cybersecurity, February 3, 2021