How CISA can help bolster cyber defense of small businesses

Ensuring the security of our cyberspace is vital to a thriving economy and strong national security. Technology touches all facets of our lives and as our society continues to rely more on technological advancements, the risk from cyber-attacks grows larger.

In recent years, cyber-attacks have steadily grown as a concern in our home states and across our nation. Whether it’s hackers in their basement or nefarious actors working for or with the implicit compliance of nations such as Russia or China, these criminals are constantly targeting vulnerable businesses, hospitals, and governments across the globe. In Kansas and Iowa alone, health care facilities, grain elevators, local governments, and small businesses have all been targeted in recent cyber-attacks. We continually hear from constituents who feel ill-equipped to deal with this growing threat.

Last year, our nation’s transportation systems sector suffered a ransomware cyber-attack that impacted Colonial Pipeline and caused a nationwide energy crisis. The cyber-attack led to gasoline shortages and volatile fuel prices.

Just a few months later, the largest meat processing company in the world, JBS, was hacked by a Russian-led cybercriminal organization. These hackers threatened to delete the company’s internal files unless a ransom was paid. JBS was forced to halt processing operations at over a dozen plants, causing the price of meat to rise and impacting economies across the globe. JBS ultimately ended up paying $11 million to the hacking group to restart operations.

The threat does not lie just within the private sector. Over the course of 2021, the federal government has been victim to multiple cyber-attacks, including the SolarWinds cyber-espionage campaign and the Microsoft Exchange and Pulse Secure attacks.

This holiday season, the log4j software vulnerability wreaked havoc on private corporations, small businesses, and government agencies. This exposure has given hackers the ability to take over computer servers with ease, resulting in one of the most serious and impactful weaknesses on the internet. The rough equivalent would be if someone discovered that a certain combination worked on all physical combination locks made during a certain decade and that many modern locks depend on that exploitable locking mechanism.

The bottom line is that our systems are interconnected and vulnerable, and the complexity and intensity of cyber-attacks are increasing.

When we talk to small businesses and organizations in our districts about the increasing risk of cyber threats, many don’t know about the completely free resources the Cybersecurity and Infrastructure Security Agency (CISA) can provide to proactively bolster their cyber defense.

CISA has several tools and capabilities it brings to bear in the fight against attacks. One example is the recently established Joint Cyber Defense Collaborative or JCDC. The JCDC integrates top cybersecurity companies, internet service providers, technology companies, federal agencies, and state and local governments to jointly collaborate cyber defense plans to address cyber risks and coordinate mitigations. These type of public private partnerships are essential in driving down our cyber risk.

Importantly, CISA doesn’t just serve entities in Washington; it has cybersecurity professionals located across the nation to assist owners and operators of critical infrastructure, and the private sector. A small business owner shouldn’t need a Ph.D. to be able to protect against cyber-attacks and because of this, we strongly advocate that entities take advantage of CISA’s free, voluntary services. It’s vital that we work to make the business community feel confident and comfortable in CISA’s reliability when they reach out to use these valuable preventative resources.

We must recognize that proactive cyber preparedness by businesses has an outsized impact on preventing cyber threats. CISA can further aide large and small businesses by providing free cybersecurity services, training, and other assistance. Again, it is imperative that businesses large and small take advantage of these resources ahead of a disruptive event.

As we enter 2022, we must work in a bipartisan manner to improve our cybersecurity infrastructure. As members of the Committee on Homeland Security, we will continue to push for a more streamlined and efficient CISA to best serve our constituents. Cybersecurity is a team sport, and everyone has a role to play.

Reps. Jake LaTurner represents Kansas’ 2nd District and Mariannette Miller-Meeks, M.D., represents Iowa’s 2nd District. Both are members of the House Committee on Homeland Security.