Cameron Garrity

On January 20th, a new administration was sworn into office, and with this come questions for many, especially those wondering how Joe Biden will tackle cybersecurity problems.

After the SolarWinds breach, Biden said, “We’re still learning about the extent of the SolarWinds attack and the vulnerabilities that have been exposed.” He later added, “This attack constitutes a grave risk for national security.” Biden’s team has yet to release specific orders or policies related to cybersecurity, but he has mentioned it’s possible we will need to spend billions of dollars to secure cyberspace from outside threats.

What to Expect from the New Administration

To start, the Biden administration will need to fill a very important leadership role, the CISA director. By selecting the right leader for this role, the United States would be poised to build deeper relationships with the private sector, en route to confronting the issue of cybersecurity.

Biden’s response to the SolarWinds hack will set the tone for the new administration’s cyber policies moving forward. It is clear there is a different approach laid out by the Biden administration as they attempt to re-create and re-enter global agreements that will help address some of our security issues.

The US Senate confirmed President Biden’s choice of Lloyd Austin for Defense Secretary on January 22nd, 2021. Austin quickly confirmed in his hearing that the ongoing review of the nation’s cybersecurity policies is a priority for him.

Austin indicated that the U.S. needs to have a better focus on cybersecurity moving forward. “I believe the Department must effectively counter these campaigns by taking proactive action to: generate insights about the adversary’s cyber operations and capabilities; enable its interagency, industry, and international partners to create better defenses, and; acting, when necessary, to disrupt adversary cyber actors and halt malicious activities,” Austin said.

The Cyber Super Team

Biden has already handpicked a “world class” cybersecurity team that has received praise from former DoD officials. The team will consist of former national security veterans with expansive experience in cybersecurity.

Biden must select a leader for a cyber-focused office due to a new law that requires the president to name someone that will report to the new National Cyber Director. Headlining the potential candidates for the cyber director role is Jen Easterly, a former NSA official and current head of resilience at Morgan Stanley. Easterly was a member of the Obama administration and helped create the U.S. Cyber Command, the nation’s cyber warfare unit.

Securing the Cyberspace

Securing our cyberspace should be priority number one for the Secretary of Defense, as this poses an immediate national security risk. The information of the United States and its people is at risk. The Biden administration will have a challenging task ahead of it as it tries to get a grip on data breaches and secure our cyberspace. Secure cyberspace will lead to a secure country, and it is paramount that the new administration works closely with the private and global sectors to ensure this happens swiftly.

What Should I Do Right Now?

With cybersecurity and information security initiatives at the forefront of protecting the valuable and sensitive data your organization manages, often with third parties, a vigorous internal and external assessment activity is prudent. Looking at your current risk management programs and understanding your strengths and weaknesses allows you to prioritize your initiatives. For example, how strong is your third-party risk management (TPRM) program, and is there a need to add new content to your assessments? Should you run supplementary assessments against your critical vendor population to determine if your vendors used SolarWinds software, or if they are adequately managing the newly identified risks related to working from home, etc.? Internally, consider whether your people are properly trained to monitor and react to newly identified threats. Is there a straightforward process in place for managing newly identified risks? All of the answers to these questions should be discussed candidly within the organization, with continuous improvement in mind. Sometimes, self-reflection is the best starting point!

If your organization is in need of Third-Party Risk Management capabilities, such as supplemental assessments, reach out to us at sales@castlehillrisk.com or visit us at https://castlehillrisk.com/supplemental-assessments/