The Strengthening American Cybersecurity Act (SACA), signed into law in March of 2022, gives federal authorities an unprecedented look at all cyber attacks against critical infrastructure in the United States. Just prior to the Russian invasion of Ukraine, critical Ukrainian websites were targeted by denial-of-service cyberattacks, a reminder that digital warfare is a key part of geopolitics and international relations.
Strengthen and safeguard USA’s cybersecurity
In March 2022, the SACA law was signed. It requires operators of critical infrastructure (including dams, transportation systems, and critical manufacturing) to notify the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a data breach. Organizations that make ransomware payments have 24 hours to report information, including the amount of money demanded, payment instructions, the amount paid, and more.
The text has six main pillars:
- Critical infrastructure security steering: definition of performance metrics and KPIs to provide a baseline to drive investment toward the most important security outcomes.
- Investment for security by design: Investment to modernize and strengthen infrastructure, to bring high-speed internet to underserved parts of the country, and to provide government grants to address cyber risk in critical infrastructure.
- Cyber deterrence: Established in 2021, the International Counter-Ransomware Initiative (CRI) brings a collaborative platform with partners from around the world to address the problem of ransomware. In addition, dialogue is being strengthened to establish cyber response using the mechanisms of NATO for critical incident response.
- Cyber Norms & Frameworks: Working with international partners to call out unacceptable state-sponsored cyber attacks. The development of labels for consumers, chiefly in the IoT space, will also score and reward the most cyber-secure products.
- Education: Build a cyber workforce by providing skills-based pathways to cybersecurity jobs. The idea is also to infuse the cybersecurity spirit and best practices into society.
- Technological supremacy: Develop today the cybersecurity protections needed for tomorrow, such as quantum-resistant cryptography. The USA wants to position itself as the worldwide leader in quantum technologies, investment and intellectual property.
The SACA initiative comes at a time when governments are dealing with a major paradigm shift. The traditional security perimeter has disappeared with remote and hybrid working, as well as an increase in mobile gadgets, Internet-of-Things sensors, and other network-connected endpoints.
As a result, traditional firewalls and moat-and-castle security strategies are no longer adequate. To enhance cyber resilience, agencies must adopt a risk-based approach that minimizes and manages attacks when they occur.
SACA’s key lessons for everyone
While it is a USA regulation, there are key actions that any senior executive can take in light of this state-of-the-art cybersecurity bill:
Test your proactive and reactive security posture: Perform security drills and wargames to test your procedures and readiness. By the time a cyber incident occurs, you will have developed the individual reflexes and collective coordination that are key to winning the cyber battle.
Continuous assessment: Gather internal and external insight into the evolving regulatory and threat landscape. It is mandatory to have an up-to-date security posture and to budget cybersecurity initiatives.
Implement a modern cybersecurity framework: Leverage new paradigms such as Zero-trust architecture to add a further layer of defense and hardening.
Train your employees: An organization’s staff is the first line of defense. They are on the front line to detect advanced phishing attempts and malicious behavior on the network.
Take the adversary perspective: Threat actors do not see you as you see yourself. Put yourself in the shoes of your adversaries and ask yourself, “What can I do to succeed in my malicious project?” It will open up new cyberdefense perspectives.
In today’s highly charged geopolitical climate, and with ransomware attacks on the rise, organizations are especially vulnerable to cyberattacks. Senior management needs to get started now to build reporting capabilities and prepare for the event of a cyberattack.