A plan to transfer cybersecurity and resilience responsibilities to states could have major unintended consequences.
In March, Trump signed an executive order that effectively froze former President Joe Biden’s critical infrastructure partnership strategy and directed Sector Risk Management Agencies (SRMAs) — which provide security support and guidance to various industries — to revise their infrastructure protection strategies. And in May, the administration proposed a budget that would slash the CISA teams that liaise with and coordinate government support for infrastructure operators.
“It feels like that whole [partnership] program could be in jeopardy,” said Errol Weiss, the chief security officer at the Health Information Sharing and Analysis Center (Health-ISAC).
The healthcare sector offers a stark example of these challenges. “We’re already seeing how bad it can get because of the ransomware that is still beating up hospitals on a regular basis,” Weiss said. These attacks are disrupting patient care, said a healthcare industry representative who requested anonymity to speak freely, arguing that “more than ever, cyber safety is patient safety.”
Given these trends, experts say the government should deepen its investments in critical infrastructure security, not scale them back.
Trump’s burden-shifting plan, experts said, would be disastrous for critical infrastructure.
“The idea [of] pushing the responsibility for cybersecurity to the states,” Weiss said, “is ludicrous.”
State and local governments “were not built and are not prepared to take on nation-state actors” in cyberspace, said Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.
Read the article in Cybersecurity Dive. Click Here
