The election contested by Hillary Clinton and Donald Trump stands to be perhaps one of the most polarized in the recent history of the United States, with both candidates appealing to demographics that have vastly different attitudes towards the issues the country faces. Already, American citizens (and the world) watched as both candidates hit it off in fierce debates that consisted mostly of both of them attempting to demonstrate that the other is worse. But while we stand as witnesses to this spectacle, we can’t help but notice that cybersecurity, one of the key issues that affecting the United States and its status in the world, has been overlooked save for a passing mention. With a third debate Wednesday evening, we are willing to bet that this won’t change very much. Immigration, healthcare, taxes, and welfare have become the most heated topics in today’s political discourse. But it’s telling when the country that still leads the world in military strength and technological innovation continues to glean over the fact that cybersecurity has become a major global concern in the past decade or so.
Why Cybersecurity Is So Important Right Now
The threat of cybersecurity to companies and individuals has been well known since the mid-90s. Government services, to some extent, have been aware of these concerns but have been a bit slower to address them. Since the start of the 2010s, hackers have upped their game and attacked small and medium sized businesses rampantly. Just in 2016, the surge in attacks have hit small businesses pretty damn hard. Private organizations have constantly been threatened by malefic individuals, saboteurs, and hacking groups. This is where the similarities end between the private sector and the government. According to a survey by Cybereason, cyber security ranks high on the voter’s agenda: 70% of registered U.S. voters polled – cyber attacks were more of a threat than ISIS, climate change, and nuclear weapons. In addition, cyber security wasn’t just a concern in the context of national security, it’s one the most important issues to the country’s future, according to 53% of the voters polled.
The United States government has recently been pushed through a series of scandals that shed light on how blasé its attitude has been about cybersecurity, at least as far as political party organizations are concerned. The most media coverage over this event came in the form of speculation about the source of this breach. We’re saying that regardless of where the breach came from, we should be shining a light on other areas of government where such a breach is possible. Just imagine what kind of chaos the country would be under if this breach would have been performed on their electrical grid. What about the Department of Transportation? Or the Department of Motor Vehicles?
Or what about the Office of Personnel Management? This one’s worth a mention since it was breached in 2015 and several million U.S. citizens’ personal information including social security numbers were compromised. This included state employees who would normally handle the nation’s classified information. This was perhaps the largest breach of a government entity in history and certainly had the biggest impact, considering that the Office of Personnel Management also stores information that could be used to blackmail officials and other crucial employees.
What The U.S. Is Doing Wrong
As much as we hate to be the bearer of bad news, it may come as a surprise to some that the U.S. government itself is woefully behind many other OECD nations on cybersecurity. This is probably because Americans still see the entire national security issue as one of military strength. But in the 21st century, most of the world has taken an affinity for these curious little boxes we like to call computers. Sometimes these computers, when they are not secure enough, present a level of threat vulnerability akin to disarming your military and replacing their uniforms with tutus.
The worst case scenario presented itself with the DNC hacks: It’s likely that a foreign entity initiated the attack. This is hopefully the point where we realize that gunpowder is an 11th-century invention that can only help you so much after a thousand years. That little black powder does nothing to stop a country’s best hackers gunning (pun intended) for your weakest servers. And if you think that the level of threat is minimal in the U.S., consider that the Government Accountability Office just recently released a report showing crucial vulnerabilities in department infrastructures.
In the report, you may have noticed a couple of little gems, such as the Department of Transportation still using an unsupported programming language full of security holes to manage the transit of hazardous materials on U.S. roads. Several vulnerabilities have also been found in the Department of Homeland Security, where immigration and customs enforcement systems are still lamentably out of date. As of May 2015, thousands of government computers were still running Windows XP, a system that Microsoft stopped updating with new security fixes since April 8th the previous year.
What Should The U.S. Do?
Staying with what’s tried and true is a philosophy that’s as American as apple pie and it’s been working well for a long time. The problem is that technology is a completely different beast. In this particular case, it doesn’t hurt to look at what other nations are doing and reproduce their best practices. Singapore, for example, just recently decided to air-gap most of their crucial government systems, making it virtually impossible for hackers to access them remotely. Even if they’re still running Windows 98 on those computers, there’s no way a script kiddie a thousand miles away is going to get access to whatever is stored in them.
With top-level clearance systems that cannot be air-gapped, we’d say that the best practice is to rely on proper public/private key management for encryption. Make keys inaccessible to remote entities (like we do) and that should take care of remote threats even when you’re connected to the internet.
We love the United States as much as anyone loves their wacky yet fun neighbors, but it’s important for everyone to start looking at cybersecurity as a national security issue of crucial importance. It’s in everybody’s best interests to be prepared for the calamitous effect that cyber warfare can have on a nation’s infrastructure. The last thing you want is to sacrifice security for convenience at the expense of leaving yourself vulnerable to some basement dweller who can turn off an entire state’s electrical grid with the push of a button.
National security is no longer just a military issue. A nation is made up of the vast departments that run it, and having a security vulnerability in any one of them leaves you open to exploitation in ways that you may not be prepared for. It’s time to get smart about cybersecurity and we believe that we’ve done our part in convincing you that this should be an issue that merits more attention than it’s been given in the past months. To say the least, the fact that it only receives a passing mention worries us due to everything we’ve stated above.