A Senate Homeland Security Committee hearing brought together several experts from the intelligence community today to discuss the homeland security landscape 20 years after the terrorist attacks on Sept. 11, 2001.
Department of Homeland Security (DHS) Secretary Alejandro Mayorkas and FBI Director Christopher Wray spoke about the U.S.’ position in the cyber arena as it relates to securing the homeland.
“Throughout the last year, the FBI has seen a wider-than-ever range of cyber actors threaten Americans’ safety, security, and confidence in our digitally connected world,” Director Wray said. “Cybercriminal syndicates and nation-states keep innovating to compromise our networks and maximize the reach and impact of their operations, such as by selling malware as a service or by targeting vendors to access scores of victims by hacking just one provider.”
Wray said that the current state of cyber is not a sustainable or acceptable one as “cybercriminals and nation-states believe that they can compromise our networks, steal our property, and hold our critical infrastructure at risk without incurring any risk themselves.”
Wray says that through initiatives put in place by the FBI that require cooperation with international allies and industry partners, the bureau took more than 1,100 actions against cyber adversaries in the last year alone. However, he did say that the private sector needs to do a better job of coming forward to warn the FBI quickly about malicious cyber activity.
“The recent examples of significant cyber incidents only emphasize what I have been saying for a long time: The government cannot protect against cyber threats on its own,” said Wray. “We need a whole-of-society approach that matches the scope of the danger.”
Secretary Mayorkas highlighted ransomware as a major threat to the U.S.’ cyber resilience. He said that in 2020, nearly 2,400 state, local, tribal, and territorial governments, healthcare facilities, and schools in the U.S. were ransomware victims. The victims paid an estimated $350 million in ransoms, with an average payment of more than $300,000.
Mayorkas outlined several steps that DHS has taken this year to increase cyber resilience, including:
- Implementing recommendations from the Cybersecurity and Infrastructure Security Agency (CISA),
- The Coast Guard releasing its new Cyber Strategic Outlook;
- CISA announcing the creating of the Joint Cyber Defense Collaborative;
- The U.S. Secret Service expanding cybercrime enforcement programs; and
- DHS increasing the required minimum spend on cybersecurity via FEMA grant awards from five percent to 7.5 percent—an increase of $25 million.
“The Federal government and our private sector partners must be prepared to respond to and recover from a cyber incident, sustain critical functions even under degraded conditions, and, in some cases, quickly restart critical functionality after disruption,” said Mayorkas.