image via carriermanagement.com
A lot of our daily activities are supported by the current technology ecosystem, which is under threat from malicious actors, according to the leader of the country’s top cybersecurity agency. Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly told Yahoo Finance that collaboration between the tech sector, consumers, and the government is necessary to advance cyber security in the United States during an interview at CES 2023 in Las Vegas.
The head of Firm Resilience at Morgan Stanley, Easterly said, “We live in a world…of massive connections where that critical infrastructure that we rely upon is all underpinned by a technology ecosystem that unfortunately has become really unsafe.” She added: “We cannot have the same sort of attacks on hospitals and school districts that we’ve been seeing for years. We have to create a sustainable approach to cyber safety, and that’s the message that I’m bringing to CES.”
Easterly, who helped design and create the United States Cyber Command and was confirmed as director of CISA in 2021, explained that tech companies need to make sure that the software they release into the world has fewer vulnerabilities that hackers can exploit.
According to Easterly, “We’ve essentially accepted as normal that technology is released to market with dozens, hundreds, or thousands of flaws, defects, and vulnerabilities.” We acknowledge that maintaining online security is everyone’s responsibility, including yours, mine, my mom’s, and my kids. However, we have placed the burden on consumers rather than the businesses that are best positioned to address it.
Hackers and state-sponsored actors have targeted a variety of targets over the past few years, including vital American infrastructure and IT systems that support the provision of services to residents of small towns. For instance: Hackers targeted JBS, the largest meat supplier in the world, in 2021 and demanded an $11 million ransom. Attackers breached Colonial Pipeline’s systems that same year, sparking worries about fuel shortages on the East Coast. Additionally, hospitals and hospital systems were the target of ransomware attacks throughout the pandemic, which forced them to postpone patient care.
Hackers gain access to systems by taking advantage of flaws or errors in the software and operating system code that run on computers and servers all over the world. Because people create that code, and people have flaws, they inadvertently create potential entry points for hackers to use to launch their attacks. According to Easterly, in order to make sure that the software is as error-free as possible, tech companies that power the world’s computers, like Microsoft (MSFT), need to be held to a higher standard.
In order to achieve this, according to the director, businesses must design secure products, make sure that security settings are enabled by default in their software, and encourage CEOs to adopt responsible corporate cyber practices. Cyberspace is a social good, claimed Easterly. “It concerns societal adaptability. My final point is that the relationship between government and business needs to be fundamentally altered.
Aspects of the US Cybersecurity Ecosystem
image via adamasuniversity.ac.in
The field of cybersecurity with all its complexities has been steadily gaining in importance over the last decade – and now, due to the Coronavirus-induced heightened dependency on digital infrastructure, this process is further accelerated. This country report shows that cybersecurity has evolved into a key national security issue and gives an overview of certain aspects of the U.S. cybersecurity landscape, by tracing policy developments from before the Covid-19 pandemic as well as current legislative considerations.
It’s All About Data
Today, humans produce more digital data than ever before. The “accumulated digital universe,” or the total data generated globally in 2020, is estimated to be 44 zettabytes or expressed more illustratively, 44,000,000,000,000,000,000,000 bytes. On any given day, 500 million tweets and 294 billion emails are sent and 5 billion online searches are conducted worldwide. In 2017, the Pentagon collected 22 terabytes of data every day, while Google currently processes over 20 petabytes of data per day.
At present, accelerated through the Coronavirus pandemic, individual citizens and consumers, corporations and small and medium-sized businesses (SME), civil society institutions, schools, and the government increasingly rely on information and communications technology (ICT) to work, communicate, learn, pay and play.
This massive amount of private, public, business, and governmental digital activity requires security, reliability and trust. In other words, cybersecurity as a public policy and national security issue is further gaining in importance.
This enormous volume of digital activity on a private, public, commercial, and governmental level necessitates security, dependability, and trust. In other words, the importance of cybersecurity as a matter of public policy and national security is increasing.
Cybersecurity refers to the practise of defending systems, networks, and programmes against (criminal to nation state) digital attacks intended to access, steal, manipulate, or destroy information, despite the difficulty of establishing a universally accepted definition of the term.
An intricate field, cybersecurity as a matter of policy affects such things as cybercrime, critical infrastructure (which includes public and private institutions in the areas of agriculture, food, water, public health, emergency services, government, defence industrial base, information and telecommunications, energy, transportation, banking and finance, chemicals and hazardous materials, and postal and shipping), cyberconflict and warfare, violent extremism, and network security.
American Cybersecurity Prior to the Corona
Before the current Covid-19 pandemic broke out, cybersecurity was already a top priority for U.S. national security policy because it is essential to safeguarding the economy and defense of the country. All 50 states now have chief information security officers (CISOs), and there are numerous federal agencies with varying levels of control over cyberspace and responsibilities for providing cybersecurity to the American government, its businesses, and its citizens. These efforts are in addition to state-level cybersecurity initiatives.
The following list of federal commissions, offices, and departments serves as a resource and serves to highlight the complexity of the cyber ecosystem:
– The FDA controls the cybersecurity risks associated with connected medical devices.
– The Federal Trade Commission (FTC) offers advice to citizens on how to interact online.
– The Federal Bureau of Investigation (FBI) looks into criminal, hostile, and terrorist cyberattacks.
– The U.S. Secret Service looks into financial crimes that use the internet.
– To safeguard American computer networks and individual victims from cyberattacks, the Department of Justice’s Cybersecurity Unit contributes to the development of cybersecurity legislation.
– The Department of Homeland Security (DHS) strengthens the country’s ability to fend off cyberattacks.
– The Commission on Enhancing National Cybersecurity of the National Institute of Standards and Technology (NIST) offers comprehensive short- and long-term recommendations to improve cybersecurity in both the public and private sectors.
– The DOD Cyber Crime Center (DC3) offers digital forensic services, cyber training, and analysis, while the Department of Defense (DOD) Cyber Command coordinates cyberspace planning and operations to defend and advance national interests.
– The Central Intelligence Agency (CIA) provides American policymakers with cybersecurity intelligence.
– Threat assessments, technical advice, and cybersecurity advisories are offered by the National Security Agency (NSA).
– Foreign cyber threats to US national interests are analyzed by the Office of the Director of National Intelligence’s Cyber Threat Intelligence Integration Center.
– And finally, the U.S. Department of State “leads the U.S. government’s efforts to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports global trade and commerce, bolsters global security, and encourages free expression and innovation” in partnership with other nations.
The number of federal institutions actively influencing the cybersecurity capabilities of the United States government is not even close to being exhaustive. This suggests a high degree of complexity, if not fragmentation, potential barriers to cross-departmental information sharing and cooperation, as well as issues with overall agility. The government structures and jurisdictional boundaries mentioned above “fracture cyber policymaking processes, limit opportunities for government action, and impede cyber operations,” according to a significant reform initiative that is currently underway and is covered in more detail below.
The growing geopolitical power competition between China and the United States for regional and global influence is another development that has been taking place over the past few years, particularly in the area of information and communications technology, such as artificial intelligence, cybersecurity, and 5G. By connecting not only people but also the Internet of Things (IoT), 5G technology is widely believed to have the potential to fundamentally transform society. However, 5G technology also necessitates the development of new cybersecurity strategies.
In response to advancements in 5G technology, the Administration issued an Executive Order in May 2019 that proclaimed a national emergency with regard to the supply chains for information and communications technology and related services being at risk. The order forbids the purchase or use of any communications technology made by companies under the control of “a foreign adversary” that could put American communications systems at “undue risk of sabotage” or have “catastrophic effects” on the country’s infrastructure.
The Bureau of Industry and Security (BIS) of the U.S. Department of Commerce later identified more than 100 people or entities linked to the Chinese company Huawei, a leader in 5G technology, in their so-called Entity List. Being included on this list means that Huawei must obtain a specific license in order to export, re-export, or transfer any of its products. Leaving Huawei aside, 5G will nonetheless continue to raise fresh security issues for the US.
Governmental Cyber and Defense Plans
The National Cyber Strategy of the White House and the quadrennial National Defense Strategy both underwent significant strategic revisions in 2018, which significantly altered U.S. cybersecurity policy. In the former, it is stated that “ensuring cyberspace security is fundamental. Every aspect of American life, including our economy and defense, depends on cyberspace. Our private and public organizations still struggle to protect their systems, and our adversaries’ malicious cyber activities are becoming more frequent and sophisticated. The Internet was developed in America and made available to everyone. We now need to take steps to protect and safeguard cyberspace for future generations.
The overarching National Defense Strategy (NDS) notes that “today, every domain is contested—air, land, sea, space, and cyberspace” and classifies cyber security as a warfighting domain. Investments in cyber resilience, cyber defense, and the ongoing integration of cyber capabilities into the full range of military operations are also included in the NDS. By providing attribution while defending against and holding responsible state or non-state actors during cyberattacks, it aims to give the U.S.
Based on these tactics, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) was established in November 2018. (DHS). To “lead the national effort to understand and manage cyber and physical risk to our critical infrastructure and work towards a secure and resilient critical infrastructure for the American people,” according to its mission statement To that end, CISA coordinates security and resilience initiatives through public-private partnerships and offers technical support to infrastructure operators nationwide as well as to all tiers of government, including state and local.
Federal agencies and other organizations should take “urgent actions to implement a comprehensive cybersecurity strategy, perform effective oversight, secure federal systems, and protect cyber critical infrastructure, privacy, and sensitive data,” according to a 2019 GAO report titled “Ensuring the Cybersecurity of the Nation.”
The Effects of Cybercrime on the Economy
image via factly.in
The cost of cybercrime has steadily increased over the past ten years. Nearly $600 billion, or 1% of the world’s GDP, is lost to cybercrime annually, according to a global report that focuses on the significant effects that cybercrime has on economies worldwide. Business email compromises (BEC), the theft of intellectual property, online fraud, financial crimes and manipulation, phishing, and ransomware are common types of cybercrime that frequently target senior citizens. The Internet Crime Complaint Center’s (IC3) “2019 Internet Crime Report” was published by the FBI in the early months of 2020. Over 450,000 cybercrime complaints were made in that year, from both individuals and companies, with an estimated $3.5 billion in financial losses.
Finally, since the 2016 U.S. presidential elections, state-actor cyber interference in U.S. elections has received more attention. The CIA, FBI, and National Security Agency jointly declared after the election that they had “high confidence” that the Russian government had carried out a sophisticated campaign to sway this election through cyberattacks. Before Corona, the United States worked to improve election cybersecurity and respond to disinformation campaigns that used the internet to polarise people and undermine democracy. The coronavirus has increased the strain on state-run election infrastructure and caused major problems for state budgets. An HBO documentary on the flaws in some voting technologies serves as evidence that even popular culture is paying attention to the problem.