In this episode of the podcast (#240) Lauren Zabierek, the Executive Director for the Cyber Project at the Belfer Center at Harvard’s Kennedy School, joins us to talk about the need to re-think national cyber policy, as major hacks like the attack on Colonial Pipeline put the focus on resilience and public safety.
The Biden Administration entered office with a lot on its plate. In addition to a raging pandemic, Washington D.C. was still sweeping up the broken glass from the worst attack on the nation’s Capitol since the British sacked Washington in the War of 1812. On the cyber front, Biden’s January inauguration came just weeks after the disclosure of one of the most serious and significant cyber attacks on the U.S. government – the hack of IT management vendor SolarWinds by a group believed to be affiliated with the Russian FSB.
In our first conversation with Lauren just after the inauguration, we talked about the emerging Biden cyber agenda and the many lofty goals the administration had for improving the nation’s cyber defense, including issuing a Cyber Executive Order and appointing new leaders for CISA, the Cybersecurity and Information Security Agency, and filling the new position of National Cyber Director.
How is the administration doing? And how have the events of the last two years (including the ransomware attack on the Colonial Pipeline) changed the calculus for national cyber defense?
To answer those questions, we invited Lauren Zabierek back into the studio. Lauren is the Executive Director of the Cyber Project at the Belfer Center for Science and International Affairs at Harvard’s Kennedy School.
In this conversation, Lauren and I talk about the successes (so far) in the Administration’s cyber planning, and where there’s work left to do. We also dig into how incidents like the Colonial Pipeline hack have amplified calls for federal, state and local governments to “shift right” in their thinking and strategies, to focus on the potential impacts of crippling cyber attacks on critical infrastructure and the economy.
A local presence for CISA?
In a recent article on the website War on the Rocks, penned jointly with Graham Kennis, Lauren wrote that, while the federal government has made strides in its cyber readiness, there is a greater need for close public-private partnerships. On the ground in states and localities, she and Kennis note, there are often few ties or links between private sector organizations who might be targets of sophisticated cyber attacks – or unsophisticated ones – and cyber responders at the local, state and federal levels.
The solution? Agencies like CISA need to cultivate a local, “on the ground” presence outside of the Beltway. Strategically, the government also has to focus its energies on “shifting right” and preparing for the inevitability of successful attacks like SolarWinds and Colonial Pipeline. By emphasizing
In this conversation, Lauren and I talk about the last 18 months and what the new administration has gotten right…and wrong. We also talk about hacks like SolarWinds and Colonial Pipeline and what they tell us about the government’s cyber defense priorities.