From notable government agencies and healthcare to infrastructure and high-profile politicians, the United States faces a variety of cyber threats. Some attacks are more sophisticated than others, but often we see simple social engineering phishing attacks. After many years of cybersecurity education programs, it is remarkable how often such simple attacks succeed. A 2018 Verizon report found about 92% of all malware is still delivered by email. It is the human aspect of security that is often the weakest link. Many of these attacks come from countries such as Russia, China, North Korea, and Iran. These countries frequently connect with terrorist and criminal networks, extending the potential for cyber-attack.
The current situation
The cyber threats posed before and during the midterm elections should still concern us. The reality is that we do not yet know the extent to which adversaries are still able to attack our digital infrastructure. Now, why does Russia (or any other superpower) want to cause chaos in the United States? One possible aim would be to cause us to distrust our own democracy. As we have seen from recent electoral results, it can take only a few thousand votes to change the outcome of an election. If Americans don't trust the results of an election or perceive that integrity is lost, the consequences could be dire. The individual states control voting systems, and these systems do not all have the same features. For example, some machines have no audit trail. States with those types of machines are targets of opportunity for malicious attacks through either physical or network vectors.
These threats vary in terms of size and severity, but we are starting to lay the framework at the national level. In May, the Department of Homeland Security released a comprehensive cybersecurity strategy, and on Sept. 20th, the White House released its new national cybersecurity strategy. These initiatives are a strong indication that cybersecurity has become a priority for national security. One of the main highlights of this government guidance is deterrence by denial and deterrence by punishment. However, deterrence can be a gray area, and how we respond depends on the type of attack and who is attacking.
What can we do?
Below the national level, what mitigations could help us? Machine learning is the new method many organizations are focusing on to help detect, deter, and respond. If we use intelligent system monitoring, we can detect threats much faster. A recent Ponemon study found that organizations on average took six months to realize they were breached. New machine learning technology could help to effectively address this problem. However, new technologies can be a double-edged sword. For example, blockchain technology is being used as a command and control system to hide attackers' identities. Another example is the Autosploit tool, which combines well-known tools into a very powerful package that can be used by malicious individuals with limited technical experience.
We've looked at a wide variety of topics and we haven't even scratched the surface. The cyber threats we face as a democracy comprise just a small subset of the greater issues found in cyberspace. It's important to remember that cyberspace is an extension of how we interact with each other, and what we haven't done in the past to protect our national interest, or for some other country's national and economic interest.