This past winter, cold weather took down the Texas energy grid. Residents across the state had no electricity and no heat sources as temperatures plummeted. Everything that could fail did fail at a time when demand was at its highest. The\u00a0energy grid was not able to survive extreme weather, and the losses were catastrophic.\nWhat happened in Texas may be our best example at what a full-throttle cyberattack against critical infrastructure would look like if businesses and government don\u2019t improve their approach to cybersecurity.\nOn the positive side, it appears that the\u00a0Biden administration\u00a0has made cybersecurity a priority for the nation\u2019s critical infrastructure. The United States has taken significant steps to better defend against nation-state backed attackers.\u00a0 But just as foreign governments fund and enable their offensive teams, the U.S. federal government should help fund and coordinate the efforts of the security industry to better defend American companies, universities, and other organizations.\u00a0\nAs we all know, startups are typically at the center of innovation.\u00a0 Today, there is little to no coordination with any government program or entity to help enhance a startup\u2019s chance for success \u2013 it is a fairly Wild West environment.\nThis lack of coordination is not just between young companies and the federal government.\u00a0 It also exists between startups and the more established security players.\u00a0 This creates a situation where the typical CISO must defend against well-financed, well-trained, and motivated attackers, leveraging a perceived best-of-breed patchwork of security products to defend their organization.\u00a0 But how does that CISO know if their security architecture choices are really optimized?\nSteps forward in cybersecurity\nIt is a given that today, most security defenses are anything but optimized.\u00a0 In the first half of 2021, cyberattacks on industrial control systems (ICS) increased by 41% over the previous six months, according to\u00a0research\u00a0from Claroty. The cyberattacks on Colonial Pipeline, JBS Foods, and the Oldsmar, Fla., water treatment facility showed the fragility of critical infrastructure and manufacturing environments that are exposed to the internet.\nThese are the types of attacks the White House is trying to prevent. To protect our critical infrastructure, President Biden signed a national security directive addressing the\u00a0ransomware attacks\u00a0that have already impacted energy and food supply chains. The directive is voluntary (it would require legislation through Congress to be mandatory), but the goal is to have the companies responsible for keeping the critical infrastructure work toward the State goals to improve security from ransomware.\nThe Biden administration is also working with NIST (National Institute of Standards and Technology) to develop a new framework aimed at the security of the technical supply chain. And this past May, an Executive Order was signed to improve cybersecurity and protect federal government networks. Federal agencies are now required to use a zero-trust approach and institute improved incident reporting plans.\u00a0 President Biden continues to talk to Big Tech companies, holding cybersecurity summits to discuss threats facing organizations and to strategize on ways public and private entities can work together.\nThis is all positive movement toward addressing a growing national security problem.\u00a0 But more could certainly be done to better coordinate the defenses required to protect our country.\u00a0\nI am not suggesting that we regulate the security market, as the FDA does with the pharma industry \u2013 an industry that has often been considered a good analogy to the cybersecurity world. But to ensure the U.S. is on the front lines, government encouragement, coordination, and funding of the startup community must be a part of the battle plan.\nWhy investment in cybersecurity startups must stay strong\nThe recent\u00a0cybersecurity summit\u00a0that President Biden hosted included the usual suspects, Amazon and Alphabet\/Google, and other large corporations like JP Morgan. The little guys weren\u2019t ignored, with two venture-backed cybersecurity companies included in the conversation.\u00a0 But if the government is serious about tackling cybersecurity, then their focus should be on talking with and investing in the startup community and the entrepreneurs who are developing frontier technology to cope with what is yet to come.\nThe need to do this is twofold. First, without restraint, the Big Five tech companies will continue to get bigger and more powerful. Cybersecurity is a default setting for these guys, something they have to offer as their customers become more aware of the risks of a data breach and want to know tech companies are doing something \u2013 anything \u2013 to protect their personal information. Instead, their focus is developing tech products aimed at getting users to share more data and coming up with ways to monetize those products. As these companies get larger, cybersecurity could stagnate.\nThis leads to the second reason why there should be engagement with the entrepreneurial ecosystem. Innovation is born in startups. These small companies in their earliest stages begin with an idea, with a problem they want to solve. They can focus on those problems because they don\u2019t have large numbers of customers to satisfy. Cybersecurity startups are agile and can shift to address emerging threats quicker.\nAnd often, these venture-backed startups become some of the most respected and biggest names in the cybersecurity industry. The best recent example of that over the past decade is\u00a0CrowdStrike, but it is hardly the only success in the market. Cybersecurity venture capital is seeing\u00a0record numbers in funding\u00a0this year as the concern surrounding ransomware and other cyberattacks rises.\u00a0\nUnfortunately, instead of encouraging more of these innovative investments needed to protect the country, Congress is potentially creating a disincentive to embracing the risks of launching and funding more startups with its proposed changes to tax policy and small business incentives.\u00a0\nThe White House would be wise to take advantage of what cybersecurity startups have to offer to defend against attacks on our most critical infrastructure. CISOs should also pay attention to emerging cybersecurity companies that are raising or have raised venture backing. These are the companies that aren\u2019t looking only at existing cyber threats; they are looking at the future, at what cyber threats will evolve into, and how to develop innovative ways to protect from the attacks of the future. These are the companies looking at ways to focus security on data in ways to keep it from being impacted by a ransomware attack, and they will be the companies that have the solution ready to go for whatever attacks cybercriminals come up with next.\nEven with a better-coordinated industry, including positive government involvement, the market will require a new generation of startups to create innovative technologies that have a holistic view of an organization\u2019s increasingly complicated security stack.\u00a0 Fortunately, some of these companies are already underway, creating AI-based solutions to better manage and integrate the hodge-podge of other third-party solutions.\u00a0 But the industry is still in need of more of these innovative companies to be spawned to provide an optimized level of defense.