The Cyber and Infrastructure Security Agency (CISA) needs continued support from Congress, including backing from lawmakers for the creation of a cybersecurity recovery fund, Brandon Wales said Wednesday.
Wales, the acting director of CISA, said at CyberScoop’s CyberTalks conference that the agency is working hard to promote best cybersecurity practices but that it will need further support from lawmakers to ensure success.
“We are using our voice at CISA to raise awareness, provide best practices, advocate for more funding, but we can’t do it alone,” Wales said. “We need continued support from Congress, including in critical new areas such as dedicated cybersecurity preparedness grants for our state and local governments, and establishing a new cybersecurity recovery fund to ensure our nation can respond to catastrophic cyber incidents.”
His comments come as federal agencies ramp up their response to the epidemic of recent ransomware attacks on entities core to U.S. digital and physical infrastructure, including the Colonial Pipeline hack last month and the SolarWinds attack, which was revealed in December last year.
The creation of a cybersecurity recovery fund was proposed in a report issued at the end of March by the Ransomware Task Force (RTF) — a public-private coalition launched to tackle the ransomware threat that has received White House backing.
In an interview with FedScoop earlier this month, RTF co-chair Chris Painter said that any prospective ban on the payment of ransom demands made by hackers would likely need to be phased, and also accompanied by support measures such as a victims recovery fund. The creation of such a fund would likely require approval from lawmakers.
Speaking at CyberTalks, Wales also highlighted the cybersecurity skills gaps that remain across government and in the private sector, and noted that the U.S. faces an expected cybersecurity workforce shortage of 1.8 million by 2022. The NSA and Department of Homeland Security are among the agencies making major investments in university and community college programs designed to support technology talent considering a career in the federal government.
The CISA chief issued a wider call to arms to the private sector, stressing the importance of improving cybersecurity measures and reporting cyberattacks immediately to the federal government.
“I believe we are at a tipping point, and the time is now to take action for the long-term health of our national security.”