Worried about rapidly fixing cyber vulnerabilities in the highly digital age, U.S. Rep. Eric Swalwell (D-CA) introduced the Proactive Cyber Initiatives Act of 2022 last week to direct investment into new cybersecurity efforts and shift from responsive defensive tactics to proactive ones.
The trick, he contended, is to fix vulnerabilities in these wide-reaching systems before adversaries can exploit them. According to Swalwell, the U.S. handling in this area has left it losing out to other nations and, to a degree, the Federal Bureau of Investigation (FBI). In 2018, the FBI contended that every American not only could but should expect personal information to already be stolen and made available on the dark web.
This was primarily because of reliance on patching vulnerabilities after they had already been exploited rather than fixing them before damage could be done.
“Cybercrime is increasingly putting American families, businesses, and government agencies at serious risk. For too long, we have been addressing vulnerabilities only after a breach occurs,” Swalwell said. “My bill shifts the focus to one that is more proactive and innovative to protect our most critical infrastructures.”
The shifted focus would include a new demand for penetration testing on all moderate to high-risk government systems, backed by agency recommendations on any necessary authorities or resources. Federal agencies would also have to proactively report on cyber methods such as deception technologies to trap criminals and study their behaviors, continuous monitoring, or other means undertaken in response to system breaches. For those agencies with overlapping cyber jurisdiction, the National Cyber Director would henceforth be empowered to clear up conflicts.
Further, the new bill would, if passed, require experts to study and provide recommendations on how to mitigate risks and strengthen overall U.S. cyber infrastructures.