Colonial Pipeline may have recovered some of its ransom money paid to hackers, but cybersecurity threats continue to be nearly weekly occurrences. Increasingly, they are targeting infrastructure sites like meat plants and subway stations, threatening the old ways of doing business and American way of life.

The question is: why do they keep happening?

The latest major cyberattack targeted JBS SA, the world’s biggest meat producer globally, temporarily forcing the big meat producer to shut down all its U.S. beef plants last week.

While the Biden administration has been making strides and introduced an executive order on cybersecurity last month, analysts and cybersecurity experts are warning that it may be too little, too late.

"Based on the White House Executive Order there are a number of immediate problems, such as the distinct possibility that it will lead to excessive spending based on the fact that all organizations will need to comply and that the easiest way to do so is to buy cybersecurity resources quickly based on what other organizations buy,” says Mikael Björn, the Managing Director of Cybersecurity Solutions and Research Practice at BTblock, a cybersecurity consulting firm. “This unfortunate consequence is that this leads to a monoculture, which is exactly what led to the recent SolarWinds debacle.”

He is not alone. A growing number of government voices have been urging for faster, more coordinated action between the government and the private sectors following an unprecedented, growing pace of attacks we’ve seen targeting a range of companies on U.S. soil.

“The SolarWinds incident has exposed gaps in our ability to identify and manage critical risks, not just in the federal government but in some of the most mature and well-resourced companies in the world,” said Christopher DeRusha, Federal Chief Information Security Officer at the Office of Management and Budget, at the U.S. Senate hearing back in March. “I believe we’re at a crossroads for our nation’s cybersecurity.”

Given an increasing pace and variety of attacks we’ve seen recently -- from the scale of the SolarWinds breach to electoral interference and vaccine disinformation efforts -- there is an increasing need for the United States to finally step up its cybersecurity strategy and coordinated response.

While the legislative framework for a more comprehensive cybersecurity has been in place for some time, there is greater urgency now.

Most analysts I’ve talked to in recent months point to a continued lack of coordinated political action, failure of various agencies to share information in real time as well as the government sector’s ability to attract and retain top cybersecurity talent as core factors in holding back faster progress.

The geopolitical stakes could not be higher, not to mention business costs from increasing attacks on hospitals, vaccine distributors and healthcare providers.

“There needs to be a better job of institutionalizing coordination across the federal government and having a focal point for defending American national security and economic interests in cyberspace,” says Erica Borghard, a Resident Senior Fellow at the Atlantic Council.

At the Senate Intelligence hearing in February, executives from Microsoft, SolarWinds and FireEye took turns sharing their ideas on what this centralized approach could look like.

“I do believe it needs to be a central agency inside the government -- you can’t go to three or four, you’ve got to pick one,”said Kevin Mandia, CEO of FireEye, which first disclosed the SolarWinds hack. “You’ve got to get information into the hands of the folks and start safeguarding the nation, far faster than what we’re doing today.”

Cyber Unified Coordination Group, the agency that is now leading the cybersecurity response, was only formed in December 2020. The Senate has yet to confirm Biden’s nomination of Chris Inglis for the role of the nation’s first Cyber Director.

Recent cybersecurity hearings showed the lawmakers are still scrambling to manage evolving cybersecurity threats and who should be held responsible when things go wrong.

At a hearing in March, Rob Portman, the U.S. senator from Ohio, asked witnesses who should be held accountable with DeRusha naming several agencies and struggling to provide a clear answer.

While the government agencies are deploying new programs like CDM, it's taking longer to deploy and update their systems to be able to detect and react to cyber threats effectively.

“We believe CDM is the foundation to ensure that we can get the capabilities out to 102 federal civil branch agencies and have a common baseline of tools and capabilities,” Brandon Wales, Acting Director at the Cybersecurity and Information Security Agency, at this hearing. The agency is working to complete phase one and two of the rollout this year, and then add additional capabilities in 2022.

What makes the challenge of coordinated response even more difficult is that the threats continue to evolve, proliferate at a rapid pace and are relatively inexpensive for a number of actors to execute.

Even when the FBI issued warnings that the onslaught of deepfakes were likely to continue, the United States’ broader cybersecurity response and strategy to combat misinformation continued to be in disarray.

“Malicious actors almost certainly will leverage synthetic content for cyber and foreign influence operations in the next 12-18 months,” FBI said on March 10. “Foreign actors are currently using synthetic content in their influence campaigns, and the FBI anticipates it will be increasingly used by foreign and criminal cyber actors for spearphishing and social engineering in an evolution of cyber operational tradecraft.”

The government agencies also face the difficulty of recruiting and retaining qualified cybersecurity talent.

“Education, training and also retention for the federal government, in particular, is a big challenge because the private sector is appealing,” says the Atlantic Council’s Borghard. “So thinking about creative ways of retaining existing talent is also important.”

While the effort to normalize relations with Russia began in February with the signing of the “New START” treaty, there is a lot of damage control and diplomatic work cut out for the Biden administration following the Trump years.

Brad Smith, president of Microsoft, noted that 75 governments have already signed the Paris Call on Trust and Security in Cyberspace. 

“More than 1,000 private organizations, including my own, have signed that,” he said. “And I hope that this White House and this State Department will act on that. The consensus is there if the U.S. leadership can help push it across the finish line.”

Since the start of 2021, the U.S. government and corporations have faced newer types of attacks at an accelerated pace. It will take more than one executive order to make all of America’s cybersecurity nightmares go away.

FBI Director Christopher Wray compared the challenge of tackling different types ransomware hacks to the threat posed by the September 11 terrorist attacks, the Wall Street Journal reported.

“There’s a shared responsibility, not just across government agencies but across the private sector and even the average American,” he said.