The recent hackings of both JBS Meat Packing facilities and Colonial Pipeline should be a wakeup call to America — and to the free world.
The danger goes far beyond the temporary inconvenience of having to eat chicken instead of beef, or waiting in line to get gasoline or hunting to find a gas station that’s not empty. There’s a much larger and more consequential question which needs to be addressed in the wake of this disaster and should be pursued by those who are focused on the nexus of freedom and security.
In the case of the Colonial Pipeline hack — a team of amateur Ransomware attackers shut down a major artery of our critical infrastructure. The JBS cyberattack appears to have originated in Russia and caused meat production shutdowns across the U.S. and Australia. The fact these systems are so fragile and vulnerable should be deeply concerning. Even more troubling is the White House has come out to shift blame away from themselves and onto the private sector.
We have been warned for years it’s not a matter of if, but when, that a cyberattack takes out a major part of our power grid or other critical infrastructure. This is that proverbial wake up call. How will our leaders respond? We must begin to treat cyber-attacks like kinetic attacks and empower our federal and state agencies with the tools and authorities they need to prevent them, and respond when required. We must also create greater transparency and information sharing between the government and our critical infrastructure companies.
Often the knee-jerk reaction is to cast blame, and then come up with a blanket solution to “ensure” this never happens again. In most instances, those initial responses are overreaching and even when pitched as being temporary, usually wind up being permanent, costly and, unfortunately, mostly ineffective. COVID-19 provided countless examples of the exchange of freedom for the illusion of safety and security. Unlimited emergency powers removed constitutionally protected liberties from American citizens who had no recourse for refusal.
Yet in the cases of JBS and Colonial Pipeline, there is a bigger threat and greater governmental obligation to protect and prevent future incidents like this. Yes, these businesses should have their own cybersecurity measures in place, and perhaps they already do, but as a fundamental component of American infrastructure, perhaps the federal government bears some blame and responsibility as well.
Let’s say, for instance, that an actual missile was launched to strike Colonial Pipeline’s headquarters. Is there an expectation that they would be prepared to ward off such a threat on their own? Certainly not. Nor would we want them, or any private company, to keep their own military-grade arsenal of weaponry and personnel to engage in international warfare. The proper expectation is that the federal government and our brave men and women in uniform, have the power and the capacity to ward off such an attack. Similarly, a cyber-attack aimed toward a crucial part of our national infrastructure has a parallel vulnerability and should also have the same level of expectation for federal protection.
So where does the government’s responsibility for cyber security start and end? And how can we find a balance between personal or corporate responsibility and that of our federal institutions?
I share the justified concern about government accessing any personal data under the guise of security. Yet as Internet connectivity and a cyber presence are no longer optional, but are an essential part of daily life, there needs to be an expectation for baseline protection — just as there is to have safe drinking water and secure and reliable energy sources.
Without getting down to the consumer level where end-user data is accessible, perhaps we as a nation need to consider ways to provide an umbrella of basic cyber security to our companies and our citizens to ensure we all are safer online. Not monitoring or governing content, but rather providing safe highways of information which will prevent future Colonial Pipeline and JBS disasters.
The balance between civil liberties and protection of our nation from physical attacks has never been debated when it comes to an enemy invading our shores, so why do we allow our enemies to roam freely on our servers without the much-needed protection from our key departments and agencies?
The fact the Biden administration condoned the paying of ransom by Colonial as a proper response tells you everything you need to know about their misguided policies and procedures. Our servers can’t be a safe haven for our adversaries that allow them to continue these brazen attacks on our critical infrastructure.
The time to define the nexus of freedom and security and defend Americans and American corporations in the realm of cyberspace has come.
• Peggy Grande (@peggy_grande) is author of “The President Will See You Now: My Stories and Lessons from Ronald Reagan’s Final Years.” She was executive assistant to President Ronald Reagan from 1989–1999 and served as a political appointee in the Trump administration.