If you look back through history, it’s interesting to note how the vocabulary of security has changed. Going back millennia, people talked about using sticks and spears to defend themselves. In my lifetime, we’ve had debates over all kinds of guns and munitions, and more recently about missiles, robots and drones.
The experts seem largely unified in the opinion that cyberattacks are currently our number one national security threat. Our concerns have moved from military hardware to malware, ransomware and spyware.
Cyberattacks are efforts to compromise the integrity of computers, information systems and the operations that they control. These attacks can target the public or private sector to deny or disrupt access to information, attempt to steal data or money and many other objectives.
The U.S. is now engaged in a cyber-war with Russia over its interference in our elections. These attacks have been in the news after Special Counsel Robert Mueller reported on Russia’s digital interference in the 2016 U.S. elections. Mueller told Congress that the election meddling wasn’t a one-time attempt but that “they’re doing it as we sit here.”
Scores of cities have been the targets of cyber-attacks.
Massive breaches have affected customers of Yahoo, Marriott International, eBay, Equifax and many other businesses. In 2015, the U.S. Office of Personnel Management revealed that hackers had stolen information for over 20 million people who had worked for, or applied to work for, the government.
These attacks cost us a lot. The White House Council of Economic Advisers estimated that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Some researchers have put the cost of global data breaches as high as $2.1 trillion.
Many cyberattacks emanate from Russia, China, Iran and North Korea. But significant attacks come from non-state actors, including terrorists and criminal organizations.
We often note the threat of cyberattacks to regional and national power grids, which are controlled electronically and are vulnerable to malware. In 2015, Ukraine’s power grid was shut down by an attack widely seen as part of a Russian effort to undermine Ukraine’s government.
Cyberattacks can target the crucial infrastructure necessary for a functioning economy. They can interfere with banks, stock markets, utility systems and other essential operations, throughout the economy and at every level of government.
What are we doing about it? So far, not nearly enough.
There are government initiatives to raise awareness and deter cyberattacks. The Defense Department has conducted research on threats to the power grid and is building “micro grids” to make its installations less dependent on the larger civilian grid. The federal government has tried to require certain private firms to strengthen their cyber defenses, penalizing firms for data breaches that occur due to a lack of cyber-security infrastructure. The FBI partners with federal, state and local law enforcement to combat cyberattacks.
But we’ve got a lot more to do.
Companies and organizations of all kinds need to demonstrate that they are taking the threat seriously, and invest more in cyber preparedness. The government not only has to protect its own offices; it needs to prod the private sector to allocate resources, work with international partners to develop agreements on cyber defense, and move against countries that sponsor cyberattacks.
Also, we need to train a workforce that can build and operate effective cybersecurity systems. Schools are beginning to meet that challenge by increasingly emphasizing STEM education, but many more highly trained experts will be needed.
Knowing that the 2016 Russian attacks targeted our elections, we must secure our voting infrastructure. The integrity of our democracy is at stake since accurate vote counts are essential to the legitimacy of our elected governments.
Every year, cyberattacks grow more organized, sophisticated, penetrating and daring. As former Director of National Security Dan Coats said, “the warning lights are blinking red.”
Cyber threats to America are scary. We must take them seriously. Yet President Trump doesn’t seem to be concerned about the issue; Congress and other officials have largely underreacted. Officials at all levels urgently need to up their game.
In many ways, we are not much better prepared than we were several years ago. More serious cyberattacks are certainly coming. We have been warned – now we need to prepare, defend – and counter. Our national security and well-being depend on it.
By Lee H. Hamilton