May 8, 2024 at 12:08PM
CISA director Jen Easterly stressed the need to improve software security to combat ransomware attacks in critical infrastructure. She urged collective efforts and highlighted the government’s role in pushing for more secure technology. Chris Krebs emphasized the potential levers to enhance technology security, including voluntary efforts, litigation, regulatory action, and legislative measures.
Key takeaways from the meeting notes include:
– CISA director Jen Easterly emphasizes the importance of making software secure by design to significantly reduce ransomware attacks and cyber threats.
– UnitedHealth CEO confirms paying $22 million to ransomware attackers, highlighting the severity of the ongoing ransomware problem.
– Various government-backed cyber espionage groups, such as China’s Volt Typhoon, are targeting critical infrastructure, posing significant security threats.
– Easterly emphasizes the need for collective action to establish technology minimum standards for cybersecurity and advocates for the federal government to use its technology procurement power to promote more secure software.
– Around 60 tech companies, including Microsoft, Google, AWS, IBM, Palo Alto Networks, and Cisco, are expected to sign a pledge to develop more secure technology.
– Chris Krebs discusses levers for making technology products more secure, including litigation, regulatory action, and legislative action, emphasizing the upcoming cyber attack reporting rules for critical infrastructure operators required under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).
– The discussion highlights the challenges and opportunities for improving tech security through voluntary efforts, regulatory changes, and legislative actions, including potential influences from European Union regulations.