The State of our Digital Union: Where the U.S. Stands on Cybersecurity
President Donald Trump is set to deliver his second State of the Union address tonight. Millions of Americans will tune in to hear Trump take stock of where our nation stands and lay out an agenda for his next year in office.
According to news reports, the president is expected to touch on an array of issues, including immigration, infrastructure, trade, healthcare, and the military. One topic reportedly not on the agenda: cybersecurity. Trump did not discuss cybersecurity in his first State of the Union address last year. And that’s a shame, because the state of our digital union is…less than strong.
Given the growing importance of cybersecurity in our society, we thought we’d take a moment to survey where the United States currently stands in the digital domain — and what our national security posture portends for your company.
We’ve talked about cyber threats to critical infrastructure before. But the evidence keeps rolling in that these risks are only getting worse. Critical infrastructure threats were a prominent part of the U.S. Intelligence Community’s recently released Worldwide Threat Assessment. Specifically, the report singles out Russia and China as the most worrisome nation state cyber threat actors. The assessment states that “China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks—in the United States.”
Moreover, the report notes that “Russia has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure—such as disrupting an electrical distribution network for at least a few hours…Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.”
Too many executives mistakenly believe that these complex, geopolitical threats have little bearing on their organization. You might be thinking: I just run a small business. Why would Vladimir Putin or Xi Jinping want to target me? The fact is that all organizations — from mom and pop shops to Fortune 500 companies — rely on our nation’s critical infrastructure to run their businesses. If the lights go down, your business can quickly go down with it.
So what can you do to prepare yourself for these kinds of threats? Pay attention to reports of cyberattacks on critical infrastructure, and think through how these cyber threats may affect your organization. Also, be sure to have an incident response plan and a business continuity plan in place.
Cyber economic espionage has been a longstanding concern for our country. The scale of the problem is staggering. The Commission on the Theft of American Intellectual Property estimates that IP theft costs the American economy upwards of $600 billion per year.
The chief culprit behind this vast economic espionage campaign is China. Beijing based IP theft declined significantly following a 2015 agreement between President Barack Obama and Chinese leader Xi Jinping. But over the past four years, there has been a strong resurgence in Chinese cyber theft. FBI Director Christopher Wray recently noted that the Bureau is conducting economic espionage investigations in “virtually every one” of its 56 field offices, and “almost all of them lead back to China.”
China is a highly capable cyber threat actor. Still, there are steps organizations can take to protect their intellectual property from digital thieves. You can use monitoring software to track actions taken on IP data, such as file transfer tracking and email transfers. Additionally, be sure to thoroughly vet the security practices of any third-party vendor that has access to your IP.
Election Security and Influence Operations
The 2020 U.S. presidential election kicked into high-gear this past month, with a number of big names announcing that they are entering the race, including Kamala Harris, Kirsten Gillibrand, and Corey Booker, among many, many others (and some players to be named later).
But this growing pile of politicians are not the only people trying to win over American voters. Some of the United States’ near-peer adversaries, particularly Russia, are actively working to hack the minds, and the election systems, of the American people.
The U.S. still hasn’t fully grappled with Moscow’s meddling in the 2016 election. Now, Director of National Intelligence Dan Coates warns that Russia is ready for a repeat performance in 2020. Coates contends that “Moscow may employ…influence toolkits—such as spreading disinformation, conducting hack-and leak operations, or manipulating data—…to influence US policy, actions, and elections.” Moreover, Coates claims our adversaries “seek to use cyber means to directly manipulate or disrupt election systems—such as by tampering with voter registration or disrupting the vote tallying process—either to alter data or to call into question our voting process.”
President Trump argues that his administration has “done a lot of work” addressing election security. But many experts say that much more remains to be done. Given the partisan nature of these issues, it remains to be seen whether our politicians will take the necessary steps to protect the integrity of our voting process.
We’re Here to Help
What’s the state of cybersecurity in your organization? You should certainly be raising these issues more than Trump is doing in his State of the Unions thus far. If you’re like most companies, or countries, you’ve got some work to do in the digital domain. Check out our Resolve and Advance programs, where we offer personalized cybersecurity training designed to equip you with the people and skills to protect your most critical assets from digital threats.