*America isn’t ready for what’s coming - Cyber attacks*

Destructive malware has flooded hundreds of Ukrainian websites and computers since Vladimir Putin announced his invasion. It would be a mistake to assume such attacks will remain limited to Ukrainian targets.

Last week President Biden warned President Putin against Russian cyberattacks on US critical infrastructure. American businesses aren’t ready for a war in cyberspace, although President Biden designated the Department of Homeland Security to lead what he vowed would be a forceful response to any such aggression, this isn’t enough. The D.H.S. doesn’t have the legal authority to order the private sector to follow its lead. Even if the federal government warned companies like Microsoft of incoming cyberattacks, it doesn’t have the necessary infrastructure in place to protect American businesses from many of these attacks.

That the United States has to resort to threats of retaliation is itself a problem. America should already be cyberattack-proof, but coordinating these efforts across the country has been an uphill battle.

The US lacks an organized response, the weekly reports of ransomware attacks and data breaches make it clear that they’re losing this battle. That’s why America’s leaders must rethink the current cyber defence system and rally around a centralized regulator to defend both citizens and the private sector against current and future attacks.

The decentralized nature of the American government does not lend itself to fighting foreign cyber threats. Government agencies handle cyber regulations and threats in the sectors they oversee, an inefficient and ineffective way to address an issue that cuts across our entire economy.

Almost every industry runs its computers on one of three operating systems: Windows, macOS and Linux. In many cases, they also use the same business software, a defence contractor’s payroll system isn’t much different from a pharmacy’s. That means vulnerabilities are similar across industries, and will therefore require similar solutions.

A centralized government response centre, then, makes sense. Getting information about hacks and vulnerabilities flowing quickly and effectively between the government and the private sector, as a central agency would. It is essential to stop cyberattacks asap before they spread too far.

Several industrialized democracies are already adopting a centralized approach. With its recent Network and Information Security Directive, the EU is now proposing uniform cybersecurity standards across industries and its 27 member nations. Britain, Canada and Australia have moved to consolidate their cybersecurity functions into one agency that works with the private sector while retaining specialized functions for intelligence collection and law enforcement.

These moves shouldn’t be dismissed. While it is too early to fully assess the success of these new consolidating measures, the United States is clearly behind the curve.

Britain has just adopted its second multiyear national cyberstrategy, while the United States struggles to come up with its first.

Last month, the Environmental Protection Agency and its federal partners urged the nation’s 52,000 private and municipal water supply systems to bolster defences against a potential Russian cyberattack that could disrupt or contaminate our drinking water. A central regulator would greatly simplify this process. It could ensure that the managers of each water system were fully aware of the critical details of a possible Russian attack. It could immediately disseminate critical information regarding the attack. And it could educate potential victims on how to minimize the spread of the attack.

None of this will be easy or put in place quickly.