Biden admin taking good cop/bad cop approach on hackings

(AP Photo/Ahn Young-joon)

It’s a bit of a good cop/bad cop approach for the Biden administration towards the private sector over the recent cyberattacks of major American corporations. The White House sent a pair of envoys to the Sunday talk shows raising alarm and prodding businesses into more action against hackers.

Energy Secretary Jennifer Granholm took the hard-line approach, first telling CNN’s State of the Union the nation’s power grid could be shut down by hackers due to lax security.

“Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector generally, I mean, the meat plant, for example,” Granholm warned before vowing the administration wants to team up with everyone to fight ransomware attacks. “So, working with other countries, working with the private sector, working inside of our own government — the president has issued these executive orders to make sure that our own house is in order — making sure that citizens are able to protect themselves.”

The former Michigan governor later pushed an even broader agenda on NBC’s Meet the Press. Granholm believes it’s not enough for the TSA, the operators of pipeline security, to require oil companies to alert the federal government whenever they’d been hacked (One has to wonder if the “blue gloves of freedom” paw computers and pipes as much as they do humans and luggage).

“There are basic standards, cyber standards, that [companies] adhere to, cyber standards that are developed by the Department of Commerce,” she told Chuck Todd before demanding the same standards for pipelines. “This notion of requiring them to report is important. That’s a first step. We need to take the next step. They need to — we need to work together. And it’s not just cyber on grids and pipeline. It’s cyber for across the country. It is a huge issue. And everyone needs to wake up and up their game in terms of protecting themselves, but also in terms of telling the federal government if they are a target of attacks.”

Granholm later supported a law banning ransomware payments but promised it was only her opinion, not that of President Joe Biden. A definite hard line regarding the future of cybersecurity.

Commerce Secretary Gina Raimondo’s words to ABC’s This Week with George Stephanopoulos seem more honey-laced in tone.

“The thing — the only good news here, George, is that some very simple steps, like two-factor authentication, having proper backups and backup technology, can be enormously helpful against a wide variety of these attacks,” The ex-Rhode Island governor said before pushing aside the idea of more government mandates on all businesses. “[A]t this point we are urging businesses, businesses know how to do this, it’s relatively inexpensive to do the simpler things like two-factor authentication, and at the moment we’re going to, you know, pursue that versus, you know, what you’re talking about, a little bit more heavy-handed approach.”

Raimondo also promised the White House would work with other nations, including the bogeyman of Russian President Vladimir Putin, this week on looking at cybersecurity and preventing further attacks.

One point Raimondo and Granholm agree on is this notion the government needs to spend more money on cybersecurity. Both knocked Republicans for not supporting the American Jobs Plan vowing it would harden cyberinfrastructure. The main question is “How,” and one neither bothered to expound nor were they pressed on the issue.

The question remains whether or not throwing money at the problem will solve it. The Cyberlaw Podcast by Volokh Conspiracy didn’t appear to agree with this idea back in March with EFF board member Bruce Schneier saying most cybersecurity advances happen in public. He later suggested in Foreign Policy there needed to be “greater transparency and public accountability — if only to match the consequences of its failure,” regarding cloud services, while also pushing the federal government, which has contracts with the cloud companies, to look at their security infrastructure. It’s a possible idea, however, my concern remains the federal government ordering companies to make sure there’s a back door for them to get user information.

There are, of course, ways individuals can protect their information without government involvement.

The first, as noted by Reclaiming My Time podcast co-host Nathan Leamer, is for people to realize how much everyone relies on technology in their everyday lives.

“Much like a real bug can screw us up these virtual bugs are screwing us off too,” said Leamer, who used to work at the FCC, during a recent episode. “And I hope that these are a wake-up call for you. Stop opening those Trojan horse links on your porn sites…Stop opening up emails that are catfishing you. Make sure you’re careful about what you’re doing online. Wipe your virtual ass. That’s what it comes down to, taking care of yourself. These companies need to do a better job of mitigating against these concerns.”

He also noted the companies may improve mitigation efforts as the public becomes more aware of hacks. It certainly makes sense given how businesses stand to lose customers if it turns out their security is at risk. Users can also not rely on the cloud for data storage and make sure there are different passwords for different accounts.

It’s tempting to go along with the White House’s idea regarding mandates and barrels of cash in hopes of solving the cybersecurity problem. This gives a false sense of safety regarding the government “doing something” to keep everyone’s data. The better method remains a personal choice in protecting data, taking steps to ensure accounts are secure as possible, and just plain common sense regarding what emails or links are clicked or not. It’s the harder choice, but one worth taking as cyber threats increase with advances in technology.