Summary List Placement
On Tuesday, tech CEOs will sit opposite senators in hearings on the sprawling SolarWinds cyberattacks, in the type of proceedings that have become familiar in recent years. But these will be dramatically different, experts say, because the government badly needs the cybersecurity industry’s help.
In the past, senators lambasted tech CEOs, demanding answers about social media and aggressive business tactics. But the Senate Intelligence Committee hearings with Microsoft, FireEye, CrowdStrike, and SolarWinds will provide a glimpse into how a powerful cybersecurity industry and the federal government will work together to fight off nation-state attacks.
Microsoft is sending Brad Smith, the $1.8 trillion tech titan’s president and its face on matters of public policy and government affairs, to the hearings, while the other three firms will all be represented by their respective chief executives. Tuesday’s hearings are the first of several scheduled for this week: On Friday, two House subcommittees will hold joint hearings with SolarWinds, Microsoft, and FireEye.
SolarWinds CEO Sudhakar Ramakrishna may face tough questions on Tuesday, and the CEO has conceded that his company has “some things that we need to learn.” The CEO told Insider earlier this month that “I would say the practices that we had were consistent with an average company, not a best-in-class company.”
In a statement, SolarWinds said that it is stressing collaboration with the government in the hearings. A spokesman said the hearings were “a public-private partnership for information sharing, collaboration and support that is necessary to protect us all against these types of complex, nation-state-led operations in the future.”
The hearings reflect a reinvention of the relationship between Capitol Hill and the cybersecurity industry
Investigators are still probing the extent of the massive cyberattack that compromised thousands of organizations, including top federal agencies and major businesses across the globe. Many of those victims were compromised after hackers implanted malware into widely used software distributed by SolarWinds, the cybersecurity firm FireEye first discovered in December. The identities of culprits behind the attack remain unknown, but US officials say they suspect Russian state-backed hackers are to blame.
Tuesday’s proceedings may reveal how a new type of private-public partnership responds to nation-state attacks of the future, after Microsoft, FireEye, and CrowdStrike have led investigations into the attacks. One key to this new partnership could be confidential intelligence-sharing between cybersecurity companies and the government that is exempt from public-disclosure and other regulation, experts say. This could make the cybersecurity industry even more powerful, and help the US compete with and nations where cybersecurity is largely managed by the government, such as China, Russia, and Iran.
Senator Mark Warner of Virginia, who is chairing the hearings, told Insider he wants to see action from the companies, but also concedes the government needs their help. “We’re going to have to figure out how to incentivize [tech companies] to secure their own systems and supply chains, and then figure a way that we can better share information about breaches between the private sector and the government.”
George Kurtz, the CEO …read more
Source:: Business Insider