A Whole Lot Got Done Last Year
If all you read was the political press, you might be forgiven in thinking the Biden admin hasn't really done anything -- but it's doing some big things in cybersecurity
Once when I was on The Week in Tech, host Leo Laporte asked me to explain the appeal of covering the tech landscape from the business side, not the consumer side. I answered that the real fun in being a trades reporter is that I get to perceive, report, or edit news months to years before the mainstream press does.
Here's an example: at RSA 2017, I reported on Microsoft president and vice chair Brad Smith's proposal to push for a digital Geneva convention. Smith had a point to which he returned: The future of war will be in state-sponsored data espionage, civilians are not ready for it, and it behooves governments and private industry to work together to protect nations, corporations and civilians. (He expands on this in his very good Tools and Weapons: The Promise and Peril of the Digital Age.)
So I kept an eye on the steady trickle of stories about state-sponsored hackers and borked election security measures throughout the Trump administration. Last year, I began to notice that one of the first things the Biden administration focused on was cybersecurity. The executive branch has spent the last year comprehensively building out a body of cybersecurity-focused policy that will attack ransomware operations, require certain business segments to report data security breaches, and fortify supply chain and infrastructure security. Take a look:
March '21: Commerce Dept. announces intent to stick with Trump executive order to require cloud providers to know their customers and address the threat of adversaries operating under U.S. infrastructure. (You can thank Solarwinds for that!)
May '21: "President Joe Biden’s infrastructure proposal includes billions of dollars tied to improving cybersecurity, an area of intensified interest after the ransomware attack on the Colonial Pipeline."
May '21: "Mandatory cybersecurity requirements for pipeline operators may be needed, U.S. Energy Secretary Jennifer Granholm told lawmakers." (NB: The pipeline industry has historically opposed regulation in this area.)
May '21: Biden signs executive order reading, "The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid."
July '21: Biden makes it clear publicly to Putin that Russian hackers need to knock it off, follows with the statement: "[U.S.] will take any necessary action to defend its people and its critical infrastructure in the face of this continuing challenge.”
July '21: A few days later, Bloomberg reports that Russia-linked ransomware gang REvil has seemingly vanished from the dark web.
July '21: Following on the May '21 exec order which said that the govt expects the private sector to step up & work with them on cybersecurity as a matter of national security, Biden announces a pending tech company/White House meeting.
July '21: Busy month, as the Biden admin also directs the Homeland Security & Treasury depts to create baseline cybersecurity goals for all critical infrastructure sectors & emphasizes that private sector firms need to step up on this too.
August '21: Following an August 25, 2021, meeting with the administration, Apple, Google, Microsoft & Amazon all promise varying levels of training/financial support for improving U.S. cybersecurity in infrastructure, supply chain, cloud.
Sept '21: The Biden admin now weighing sanctions as a disincentive for ransomware, continues to emphasize that the private sector needs to step up on security issues and play a part in ensuring national security.
Sept '21: Jen Easterly, Biden's director of the Cybersecurity and Infrastructure Security Agency, backs legislation mandating operators of critical infrastructure to report data breaches to the government, imposing fines if breaches are not reported.
Sept '21: Agriculture Secretary Tom Vilsack urged U.S. agricultural cooperatives to “harden” defenses against cyber attacks after Iowa’s New Cooperative Inc. was targeted.
Oct '21: The Biden administration launches the Counter-Ransomware Initiative, a 30-nation pact to target the misuse of virtual currency to launder ransom payments.
Nov '21: Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, known as CISA, testifies to Congress that "vulnerabilities are emerging as our digital and our physical infrastructure increasingly converge."
Nov' 21: After the arrest of the Russia-lined REvil hackers, Biden issues the following statement: "We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals."
Dec '21: The Homeland Security dept. is now requiring major passenger and freight railroads to report cybersecurity breaches quickly and review how susceptible they are to cyberattacks.
Dec '21: The Homeland Security dept. is also offering bug bounties to developers who can help identify holes in the department's computer systems.
This is a staggeringly long list when you put it all in one place. That's not even counting what Congress got up to this year -- as lawyer and writer Martha Buyer explained:
During the first week of December, the House of Representatives passed three bills with a two-third majority (who says Congress can’t get anything done if it’s properly motivated?) to address current and future cybersecurity issues.
First, the Understanding Cybersecurity of the Mobile Networks Act requires the National Telecommunications and Information Administration (NTIA), resident in the U.S. Department of Commerce to examine and report back on cybersecurity vulnerabilities in mobile networks within a year following passage of the act. The FUTURE Networks Act directs the Federal Communications Commission (FCC) to create a 6G Task Force that will prepare and submit a report to Congress on the advantages and risks associated with 6th generation wireless, one year following the FCC’s appointment of someone to chair the group. The third bill is the American Cybersecurity Literacy Act, that directs NTIA to launch a campaign aimed to educate the public on identifying phishing emails and other bad online behavior. These three bills are added to other bills introduced in October - the Defense of United States Infrastructure Act of 2021, the Good AI Act, and the Federal Cybersecurity Workforce Expansion Act that promotes supply chain and network security.
SO WHAT?
We are in the middle of a speedy and massive federal policy build-out that touches so many industries and redefines the boundaries of the national interest. This stuff may not be as fun or funny as watching how Congress tries to regulate social media, and it may lack the Power Game-esque angles of the battle over who runs the FTC, but it may form the bedrock of our national security policy in the twenty-first century. That makes it an important story -- one that began at least five years ago and has been accelerating ever since.
WHO CARES?
Anyone who's interested in seeing what the definition of "infrastructure" is for the remainder of the century.
I once interviewed a pundit at a right-wing think tank about rural broadband access and how to ensure it, and this dude explained to me that the Internet was not a utility like water or electricity and therefore, ensuring equal access to it was not the government's responsibility. (I wish I had been quick-witted enough to ask about the Rural Electrification Act of 1936.)
The idea that the Internet is not a utility and that the well-being of Americans is not hampered if they don't have access to it has been disproven by the pandemic. It looks like the federal government is already moving to update what counts as infrastructure in America today. We'll have to watch to see who pushes back against the boundaries the Biden administration is defining.
AN UNCOMPLICATED THING THAT BRINGS GREAT JOY
Star Blazers --adapted from the Japaense series Space Battleship Yamato -- was a pivotal childhood media influence. It was the first time I had run across a serialized cartoon, it was in an aesthetic wholly unlike anything I had seen on the Wide World of Disney, and it was about submarines in space, which combined two of the things I thought were the coolest.
You can watch the series on YouTube but if that's too much of a commitment, please PLEASE check out this video of the Japan Maritime Self-Defense Force Band performing all the series' musical themes. Yukari Miyake's total commitment to conveying the emotional themes of the series is impressive. (So is she.) I actually screamed in delight at the 2:22 mark.
And here is the footage of the Star Blazer credits I remember from childhood. Oh, that Derek Wildstar hair!