Cyberattacks cause great damage to our national security, but as the recent ransomware cyberattack sadly reminded us, they also inflict major harm on the world economy. In fact, last week’s international ransomware cyberattack, which encrypted files, folders and hard drives, affected over 200,000 computers in over 150 countries worldwide.
Early this week, cyber experts detected a digital clue suggesting that the North Korean-linked Lazarus Group is behind the ransomware attack. The Lazarus Group is a cyber hacking organization widely believed to be behind the 2014 cyberattack on Sony Pictures, as well as the 2016 cyberattack against the Central Bank of Bangladesh in which some $81million was stolen. And yes, they’re linked to the same North Korea that has recently sent out random encrypted numbers over a radio broadcast thought by many to have alerted spies and that has developed a quantum encryption device.
Ransomware attacks remind us of how vulnerable businesses and economies are to cyber warfare. It’s not just our national security that’s at risk, it’s our economy as well. In fact, every year we lose more intellectual property on government, university and business networks than all of the intellectual property in the Library of Congress. In addition, we’ve seen numerous cyberattacks on Wall Street, which are constantly damaging the American economy.
Last week, President Trump signed an Executive Order aimed at strengthening the cybersecurity of federal networks and critical infrastructure. The Executive Order is right on point and addresses real cyber concerns. For example, the Executive Order tasked the Director of the Office of Management and Budget (OMB), in coordination with the Secretary of Homeland Security, to work together to ensure all departments and agencies have what they need to combat various cybersecurity threats. Also, it rightfully highlights the National Institute of Standards and Technology (NIST), which has been at the forefront of pursuing the type of advanced cyber capabilities we need to protect our national security and economy.
The Executive Order focuses on protecting our vulnerable critical infrastructure from cyberattacks. In recent years, we’ve seen an exponential surge in cyberattacks on our nation’s vital infrastructure. I’m concerned that hackers, be they lone wolves or patrons of a hostile state, can cause more harm to our financial institutions than anywhere else. The five biggest banks in America have assets equivalent to 56 percent of America’s GDP. This is up from 43 percent in 2006. The “too-big-to-fail banks” have only gotten bigger. Securing our financial system must be a top priority in the cyberwar. In addition, securing our electricity grid from cyberattacks should be at the top of the list as well.
The Executive Order also focuses heavily on cyber workforce development. Quite frankly, this has been long overdue and the President’s Executive Order is a big step in ensuring that America has an adequate workforce to combat our worst cyberattacks.
Cyberattacks are causing real long term harm to both our national security and economy. Cyberwarfare is the most complex national security threat that the U.S. has ever faced because technology is changing so quickly. The President’s Executive Order is a good first step in the right direction. However, much more can be done. Here’s what the United States can do now to effectively combat the cyberwar threat to both our national security and economy:
? Fully support NIST and the Air Force Research Laboratory (AFRL), and make the development of quantum computing – with the generation of true random numbers on a chip – a reality. Once mature, this would greatly reduce the likelihood of hacking into any system. Much like the British did to break the enigma code in WWII, let’s bring together America’s brightest cryptologists, mathematicians and physicists and give them the resources they need to develop the most secure form of computing.
? Recruit cyber experts at home and abroad. James Gosler, one of our nation’s top security experts, believes that the U.S. only has 1,000 people with the necessary skills to defend the country against the most complex cyberattacks out of the 20,000-30,000 thousand people required.
? Provide national security scholarships to top computer science and data security majors at U.S. colleges and universities.
? Fight a preventative war against cyberterrorists. We must go after our enemy before they can severely damage our economy.
? Follow the example of the nation of Georgia and plant booby traps for cyberterrorists and hackers.
? Replicate the Air Force CyberWorx model throughout the Federal Government. The U.S. Air Force, through its CyberWorx Program, is aimed at working with the business and educational community to identify “disruptive” cybersecurity technologies, and then develop “operational needs” cases for Air Force applications.
? Ensure that U.S. Cyber Command has the ability to coordinate with the private sector during a cyberattack. This may involve shutting down certain networks. Here, the private sector must be protected from liability.
? Distinguish between cyberattacks from China and Islamist regimes. Historically, Chinese cyberattacks are more about espionage and economic theft, while Islamist attacks are primarily focused on sabotage. Different countermeasures are required depending on the origin of attack.
The 9/11 Commission said that 9/11 was “above all, a failure of imagination.” The equivalent of a 9/11 in the cyber realm has the potential to be even more devastating to our economy. Outside-the-box thinking and good people will ultimately win the cyberwar for the United States. Now is the time to fight back with real imagination and creativity – and yes, a real plan – in order to win in this new dimension of warfare, cyberwar.