Feds target groups critical to national security

Efforts in the federal government and Congress to identify and further protect groups critical to national security from cyber threats are gaining ground amid recent destructive ransomware attacks, officials say.

New program: Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Friday that her agency has kicked off an effort to identify “primary systemically important entities” to be protected from threats, often those critical to national continuity.

“We are prototyping a variety of different approaches in our National Risk Management Center…to try and start identifying those entities that are in fact systemically important, and we are doing it based on economic centrality, network centrality, and logical dominance in the national critical functions,” Easterly said during a virtual event hosted by the Center for Strategic and International Studies (CSIS).

CISA’s efforts to identify organizations to further protect come as the nation continues to face a wave of ransomware attacks that have, at times, destabilized key supply chains. These have included the ransomware attack in May on Colonial Pipeline, which led to gas shortages in multiple states for over a week.

“Ransomware, truly a scourge that is affecting all of our lives every day,” Easterly said Friday.

Similar to existing bill: House Homeland Security Committee ranking member John Katko (R-N.Y.) and Rep. Abigail Spanberger (D-Va.) earlier this month introduced the Securing Systemically Important Critical Infrastructure Act. The bill would authorize CISA to set up a program to identify critical groups to protect, similar to what the agency is now undertaking.

Katko, speaking at the same event Friday, teased the potential for his legislation to be included in the annual National Defense Authorization Act, particularly as he is set to sit on this year’s conference committee on the defense package.