LANSING – Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?

“There are ‘four or five steps you could take that could significantly mitigate this risk,’ Falk said. These are patching, multifactor authentication and all the stuff in the Australian Signals Directorate’s Essential Eight baseline mitigation strategies. …”

Back in April of this year, a BBC News headline read, “The ransomware surge ruining lives.”

And that was before the cyber attacks on critical infrastructure sectors like Colonial Pipeline, meat-processing giant JBS, the Irish Health Service and so many others.

And when President Biden met with Russian President Putin last month in Geneva, he declared that certain critical infrastructure should be “off-limits” to cyber attacks.

“We agreed to task experts in both our countries to work on specific understandings about what is off-limits,” Biden said. “We’ll find out whether we have a cybersecurity arrangement that begins to bring some order.”

As an initial positive step forward, this cyber defense policy makes sense. In fact, most global experts applaud these moves and efforts to better protect and clarify international crimes in cyberspace.

Previous administrations going back to George W. Bush have taken aggressive steps to ensure critical infrastructure is protected in the U.S. and around the world through actions involving people, process and technology, both offline and online. The 16 critical infrastructure sectors identified by DHS/CISA can be found here.

To read the rest of Dan Lohrmann’s column, click on