In March, President Biden allocated 9 billion dollars in his American Rescue Plan Act of 2021 to upgrade technology and boost talents hiring in cybersecurity. Where would that money be best used and how can the new administration convert this plan into a safe cyber landscape for the U.S.? To find out, we speak to Jeff Alerta, Chief Technology Officer of Inverselogic. 

Security: What is your background and current role?

Alerta: I am the Co-Founder and Director of Technical Operations for Inverselogic, which I started with my business partner Ara Aslanian in 1998. I have over 35 years of experience in information technology infrastructure management. In the past 10 years, I have concentrated on supporting our clients as they navigate the ever-changing cyber landscape. We help our clients meet regulatory requirements such as NIST and CMMC and establish sound cybersecurity policies and procedures to safeguard their business and cyber environment. 

Security: The new administration has allocated $9 billion in the new Rescue Plan to upgrade tech and boost cyber hiring. Where would that money be best used?

Alerta: $9 billion is a great start, but much more will be needed to strengthen our cybersecurity stance and combat bad actor nations and the ever-growing list of cybercriminals. 

Currently, there are many gaps in our cybersecurity environment. There is a huge shortfall in qualified cybersecurity professionals in the workforce. Part of the funds should be used for addressing this by incentivizing schools and universities to offer more comprehensive cybersecurity programs and degrees as part of their curriculum. Providing Small Business Administration grants or incentives to businesses to harden their security is another way some of the funds can be allocated. 

Infrastructure is another key component. Many facilities have aging technologies that are not designed to be protected against today’s cyber risks. Allocating funds to upgrade key infrastructure technologies should be a key element. 

Security: How can the administration convert this plan into a safe cyber landscape for the U.S.?

Alerta: The administration should deploy policies and regulations that are easy to understand and adaptable. Advocating a minimum set of standards for businesses and industries that deal with critical infrastructure or intellectual property would also be advantageous. 

Combating false information on social media and educating the public on how to share and digest information online is another key factor. As bad actor nations have made it their mission to use social media as a new weapon in the cyber war, educating the public and our children will play a key role in lessening the damage disinformation can have on us as a nation and society.

Security: Could you break down the plan into the following 3 sections and discuss what key actions President Biden and his administration need to take under each one? 1) Modernize federal information technology, 2) Cybersecurity hiring and training, 3) Cyber risks/challenges with smart city and IoT Infrastructure construction.

Alerta: Much of our technology infrastructure is outdated or was not designed with cybersecurity in mind. Bringing critical infrastructure up to date with the latest technology that can both monitor and defend against cyber threats will be key.

Incentivizing our educational institutions to put a greater emphasis on cyber education will be key to closing the shortfall in cybersecurity professionals in the workforce. Also, it’s as important for companies to take cybersecurity seriously. Investing in infrastructure to monitor and defend against cyber threats will be important in the coming years and over the long term.

As we upgrade and plan for new infrastructure, it will be essential to design everything with security in mind. Often, we build technology or systems first and then decide how to secure them, which is a much harder task. Designing the buildings, power plants and smart roads of the future with cyber defense in mind will give us an advantage over our competitors. If a SolarWinds-scale hack were to happen to, say, self-driving vehicles in the future, imagine the detrimental effect that could have on the entire country. It could shut down entire supply chains as we would not be able to move goods. 

Security: Could the SolarWinds hack have a big impact on how the new administration spends and invests in cybersecurity?

Alerta: Yes. As we are still uncovering the magnitude of the SolarWinds hack, there will be much more we will learn from it in the coming months and perhaps years. The attack was a “supply chain attack,” meaning SolarWinds was used to attack its customers, which included multiple federal government agencies and other high-profile clients. The attack was very sophisticated in nature, perhaps the most sophisticated we have yet seen. 

Once all the aspects of this attack are known, you can bet that many things will change. The federal government might be more careful in choosing third-party software providers and the way it is interconnected with other suppliers and agencies. Using more sophisticated monitoring systems or using tools that are developed specifically for the federal agencies might be something to consider. 

It is encouraging to see that the new administration has officially blamed and sanctioned Russia for this attack. Hopefully, this will be a deterrent for future attacks and will make other bad actor nations reconsider any future attacks on our supply chains and federal agencies.