‘ Grave’ cyber risk to nation needs stronger response than we are seeing
Maybe someone will offer the United States a free year of credit monitoring. Once again, after perhaps the most serious cyber attack on the government ever seen, we are reminded that people — even those in sensitive government positions — just don’t take cybersecurity seriously enough.
Last week, the Cybersecurity and Infrastructure Security Agency said the cyber attack on most federal government unclassified networks “poses a grave risk to the federal government.” The attack, believed to have come from Russia, also gained entry into 18,000 businesses, including more than 425 on the Fortune 500 list. Microsoft also found victims in Belgium, Canada, Israel, Mexico, Spain and Britain. This goes well beyond the usual cyber espionage practiced by industrial nations.
Any tech expert will tell you that network security is really, really hard. But two years ago, the Trump administration axed the position of cybersecurity coordinator on the National Security Council, weakening the nation’s protections against cyber attacks. We shouldn’t be surprised that move turned out to be a colossal mistake.
Cyber experts are dismayed by what they have seen so far. In a so- called supply chain attack, the cyber hackers gained entry last spring through a vendor called SolarWinds, which sells software to thousands of government and corporate customers. The Department of Commerce, the Agriculture Department and the Department of Homeland Security’s cyber branch have confirmed they were compromised. The cyber spies might also have targeted the military, the White House, public health agencies, the Justice Department, the National Security Agency and even the Postal Service. It could take weeks or months just to know the extent of the intrusion.
The sophisticated hackers have had time to cover their tracks and open up “back doors” that will give them continued access to government and business networks even after their original point of entry is closed. It could take years to fully secure the networks.
In the meantime, those who have gained illicit access will have the ability to destroy or alter data. They can impersonate officials and spread misinformation. It will be harder to trust official communications and data. Taken to its extreme, they could cause all sorts of international turmoil.
Normally, you’d expect an immediate and outraged response from the U. S. government and an all- out crash program to rebuild our defenses, a prospect that is enormously challenging. But President Donald Trump has been quieter than a mouse.
President- elect Joe Biden has called the attack a top priority. But every day that goes by increases the risk of serious damage. We need action now.