History has proven that adequate measures need to be in place to address emerging threats facing the United States.
In the immediate aftermath of the 9/11 terror attacks, for example, President George W. Bush announced the creation of the Department of Homeland Security to coordinate a national strategy to protect the U.S. against emerging threats from foreign terrorist organizations like Al-Qaeda.
Now, as the world today becomes increasingly more technologically integrated, the country’s national security doctrine requires tools that can keep pace with emerging threats from both state-sponsored hackers and their proxies in the cyber domain.
The need for these tools is highlighted by intelligence the White House is sharing with the nation warning that the Russian government is exploring “potential cyberattacks” that would target critical infrastructure throughout the U.S. That is on top of a series of recent cyber breaches of trusted, third-party vendors. These breaches also indicate the need for more regulatory oversight, and additional government led certification bodies to enhance accountability for contractors tasked with maintaining our national security.
In 2020, a notable cyber-attack on the Colonial Pipeline shut down 5500 miles of pipeline, disrupting the flow of vital energy resources and risking an increase in gas prices. Threat actors from Russia and China have also leveraged a sophisticated, multi-pronged strategy to use investment vehicles for the purposes of carrying out multi-faceted attack strategies.
Beyond focusing on attacking the government sector, two hacks at financial services firms JP Morgan and Equifax exposed 225 Million files of personally identifiable information and highlighted the vulnerability of the private sector.
It has also become increasingly common for a company to encounter a computer intrusion via a third party, such as a new subcontractor or the acquisition of a company with weak cyber defenses. Take for instance, the recent SolarWinds compromise which warranted a federal investigation by the SEC. In this case, the Russian Foreign Intelligence Service’s attack on the cybersecurity firm SolarWinds Corp spread widely because it occurred as the firm was rolling out its Orion product suite update, which eventually led to the infiltration of nine U.S. government agencies, including the Department of Homeland Security, the U.S. Treasury, and the Department of Justice, along with major corporate clients like Microsoft and Cisco.
The efficacy of the cyberattack was enhanced by the shortsighted business practices that the majority owners of SolarWinds -- the private equity firms Thoma Bravo LLC, and Silver Lake Group -- undertook after acquiring the company. In the name of restructuring for profitability, Thoma Bravo slashed costs; outsourced labor to places like the Czech Republic, Poland, and Belarus; laid off employees; and curbed spending on security. Former employees complained that common security practices were eschewed if they were costly.
Thoma Bravo’s restructuring of SolarWinds has been so problematic that the U.S. Securities and Exchange Commission has begun an inquiry into the breach and several U.S. lawmakers called on the U.S. Attorney General Merrick Garland to provide information on what information was hacked. Without a stronger public-private-partnership approach for handling cyber terrorists, we will likely continue to see major breaches and have valuable as well as classified information fall into the wrong hands.
Instances like SolarWinds demonstrate why we need a strong government entity overseeing our country’s cyber defenses. Much like Al-Qaeda was in 2001, state-sponsored cyber terrorists represent perhaps the biggest threats to American national security today and the federal government needs to devote the same attention and resources it did to terrorists like Osama bin-Laden two decades ago to these hackers.
