U.S., Companies 'Absolutely Not' Prepared for Nation-State Cyberattacks

A panel of cybersecurity experts agree the United States is nowhere near prepared to handle sophisticated nation-state cyberattacks.

The Wednesday panel was moderated by Paul Ferrillo, privacy and cybersecurity partner at Seyfarth. It addressed the SolarWinds hack, the Biden Administration’s cybersecurity executive order, and the upcoming Department of Homeland Security (DHS) cybersecurity regulations for the pipeline industry.

In addition, the panel discussed strategies to increase cyber-risk and systemic-risk communications between the board, C-Suite and IT.

Panelists included:

Cybercriminals at a Clear Advantage with Nation-State Cyberattacks

When asked if companies and the federal government are prepared for nation-state cyberattacks, Bessette said “absolutely not.”

Booz Allen’s Jerry Bessette

“Networks are still so complicated,” he said. “And there are still so many organizations, including government agencies, that aren’t doing the basics. So we’re just not prepared for the next attack.”

Zukis said “on a scale of one to 10, and 10 being totally prepared, I’d say we’re at about a two, and we’re not going to move that needle until we start to understand systemic risk and how it interacts with cyber risk.”

“Hackers have clearly figured out the system is in and of itself the weak point and they’re exploiting it,” he said. “And unfortunately we’re at ground zero at this point.”

Flore Albo’s Kate Fazzini

Fazzini said “we are also not prepared for the next unsophisticated attack.”

“If you look at what happened at the Colonial Pipeline, this was not like the SolarWinds attack; it was a ransomware attack,” she said. “And in fact, from everything I understand, the pipeline itself was shut down and all this disruption was caused because the company was confused about what it should do.”

See our slideshow above for more discussion of SolarWinds, federal response and more.