Omnibus Spending Bill Highlights Need for Protecting Critical Infrastructure
By Tony D’Angelo, Vice President of Public Sector, Lookout
With international tensions continuing to rise, the Biden administration signed a $1.5 trillion omnibus spending bill in March that includes funding to bolster cybersecurity resources for U.S. critical infrastructure and billions of dollars for ongoing aid to the Ukrainian government.
This effort — combined, in part, with portions of a previous supplemental funding request — highlights a strengthening of cyber defenses in response to a crisis and points to specific sectors where operations are both critical and likely targets of potentially serious cyberattacks, such as technology supply chain networks, electrical grids and large federal agencies that provide a wealth of essential citizen-facing services.
Since the beginning of the conflict in Ukraine, there have been fears that the cyber threats initially directed at Ukrainian government bodies and infrastructure could easily be targeted at other nations, especially in retaliation for ongoing sanctions from Western countries.
As seen with previous cyber threats, such as the 2017 NotPetya ransomware outbreak, targeted zero-day attacks could rapidly spread to other networks and cripple critical services.
While those institutions can serve as targets during a crisis, it’s important for private and public sector leaders to implement lasting modernization efforts that strengthen the nation’s cyber resilience with additional cyber spending.
U.S. seeks to safeguard the supply chains of dual-use technologies
As part of the funding package, the Department of Commerce will increase the enforcement efforts of its Bureau of Industry and Security to help ensure strong export controls on technologies that have both civilian and military purposes, also known as dual-use technologies.
The department will also seek to analyze various potential chokepoints related to “U.S. supply vulnerabilities; technological infrastructure and information sharing platforms with allies and partners, as well as responses to chokepoints in the U.S. supply chain that could be used against U.S. interests,” according to the initial budget request.
The manufacturing sector has been and will continue to be a prime target for cyberattacks within the supply chain, especially as manufacturers increasingly rely on cloud apps and mobile devices for their operations. According to research from Lookout, mobile phishing attacks spiked 118% in 2021 compared to 2020. This means attackers are recognizing these devices as a major attack vector to compromise an organization.
To ensure work-from-anywhere workers stay productive while safeguarding against these threats, organizations need to embrace zero trust architectures.
Funding to secure electrical grids in Ukraine and at home
Part of the omnibus bill provides funding for the Department of Energy to assist Ukraine in integrating its electrical grid with the European Network of Transmission System Operators for Electricity (ENTSO-E) to provide more stable electrical performance.
Along with this, it calls for the DOE to utilize its National Laboratory system to aid in “modeling and analytics, cybersecurity, synchronization and other assistance prior to an integration with ENTSO-E,” according to the initial budget request.
This omnibus bill comes at a critical time for the energy sector, following 2021’s Colonial Pipeline attack that impacted U.S. gas prices, and it could help defend critical power grids in a contested cyber environment.
The industry is also seeing an increase in cyberattacks targeted at it. As the 2021 Lookout Energy Industry Threat Report outlined, mobile phishing attacks on energy sector employees were up 161% compared to 2020. The energy sector also faces a mobile app threat exposure rate nearly double the average of all other industries combined, according to the same study.
As the conflict in eastern Europe continues, agencies will likely see a rise in cyberattacks such as phishing and ransomware.
Cyberattacks in Ukraine could spread more broadly
The 2017 NotPetya ransomware attacks, while initially directed at Ukrainian businesses, soon spread to impact as many as 65 other nations, serving as what the White House called in 2018 the “most destructive and costly cyber-attack in history.”
To prevent a similar event from occurring, the omnibus bill also includes national defense components and provisions related to the Treasury Department.
As the Treasury Department continues to enforce ongoing sanctions against the Russian government, its leaders and various oligarchs, funding from the omnibus aims to fortify the department against targeted cyberattacks.
Because of the heightened cyber threat posture of recent events, it’s critical for federal agencies to take steps to safeguard their networks and help implement zero-trust plans to mitigate potential attacks.
Cyber resilience is critical
With this budget package, the federal government seeks to secure global supply chains and support Ukraine’s technology infrastructure with new funding.
Already under increasing cyberthreats, critical infrastructure sectors remain susceptible to attacks as a result of the war in Ukraine. And with historical precedent of targeted attacks on Ukrainian networks spilling over to other countries, this spending bill will help secure essential operations both at home and abroad. It will also reinforce cybersecurity postures that support the nation’s digital transformation in the long run.
About the Author
Tony D’Angelo is the Vice President, Public Sector at Lookout. He leads the Americas Public Sector team, bringing more than 30 years of experience in the IT industry. Prior to joining Lookout, Tony held various sales leadership roles at Proofpoint, Polycom, Brocade and Nortel. Originally from New York, Tony received his Bachelor of Science in mechanical engineering from the University at Buffalo and has spent his entire professional career in Washington, D.C. Having joined Lookout in 2019 to lead the Americas commercial enterprise team, he now heads the combined federal-SLED business unit.
Tony can be reached online at https://www.linkedin.com/in/tony-d-angelo-2017867/ and at Lookout’s company website https://www.lookout.com/.