According to yesterday’s NY Times (July 16, 2020) U.S. Intelligence agencies have revealed that a small but well-known hacking group associated with Russian Intelligence have been “targeting U.S. healthcare organizations to gain intelligence about vaccines.”
Is this a triggering event, a national wake-up call, or only the media’s latest flash in the pan? Either way, the news is certain to draw attention to current trends in America’s cyber budget.
Only five months ago, on March 11th, 2020, the Congressionally established Cyberspace Solarium Commission (CSC) released its first report focusing on a comprehensive U.S. cyber strategy. As the two co-chairs of the commission declared, their aim was to drive “consensus toward a comprehensive strategy.”
In remarkable contrast with the traditionally calm tone of the civilian cybersecurity communities, the report uses unusually aggressive national security language, asserting that the “federal government and the private sector must defend themselves and strike back with speed and agility” and with “layered deterrence.” This reflects the view of the co-chairs that “the status quo is inviting attacks on America every second of every day.” If yesterday’s NY Times article is accurate, such a view would be certainly confirmed.
Though not explicitly stated, the unspoken implication is a strong argument for greater emphasis on non-military allocation of cybersecurity agency budgets throughout the federal government. To look is not to see. And gradual measures will be too little too late. And yet the dire cybersecurity warnings are everywhere to be seen.
In May 2020, two months after its original report, the CSC released an extensive annex, “Cybersecurity Lessons from the Pandemic” (CSC White Paper #1). Not surprisingly, the annex emphasizes the renewed importance of the commission’s 32 original recommendations, supplemented with several new ones:
· The need to digitize critical services and to do so securely,
· The overall importance of the U.S. government to lead the push for a more reliable cyber ecosystem, recognizing the increase in working from home, and
· The increase in fraud and other malicious activity during the pandemic, underscoring the critical need to build capacity to combat opportunistic cybercrime.
The recent Russian incident, whether apocryphal or not, adds worthy emphasis to the annex’s chilling final paragraph:
“Over the past two decades, the United States has experienced a barrage of cyberattacks that have impacted the national economy, American democracy, and peoples’ daily lives. Despite these shots across the bow, the United States has been slow to correct our course and update our institutions to meet the threat. Although not a cyberattack, the COVID-19 pandemic serves as another warning shot, challenging the resiliency of the nation in new ways and underscoring the urgency with which the United States must improve its capacity to prevent, withstand, and respond to crises regardless of their cause.”
Unlike the aftermath of 9/11, going back to sleep is not a winning option.
