High-tech vulnerability
The United States has by far the largest defense budget in the world — $778 billion last year, more than the next 11 countries combined. But hackers for criminal organizations and adversarial nations like Russia have been penetrating those defenses for years, and likely doing it for comparatively bargain-basement prices.
So it was somewhat welcome news last week when President Joe Biden ordered the federal government to get more serious about what his predecessor had dotardly called “the cyber.” But the deadlines Mr. Biden set are, in the scheme of things, far off — at least a year. That’s an long time for a country whose shocking vulnerabilities have been proven time and time again.
When the U.S. government sustained one of its worst cyberattacks last year — at least 12 major departments, including Defense, Energy and Homeland Security were compromised — by a group connected to the Russian government, our defenses were down for all the world to see. Then-president Donald Trump had eliminated the White House post of cybersecurity coordinator. He’d fired the nation’s highest cybersecurity official, the director of the Cybersecurity and Infrastructure Security Agency, and its deputy director. In the constant reality-show turmoil of the Trump administration, Homeland Security had no Senateconfirmed secretary, deputy secretary, or undersecretary for intelligence and analysis, among other key posts.
Mr. Trump isn’t the only president to have cybersecurity failures on his watch, of course. Over the course of the past three presidential administrations, the Veterans Administration, Defense Department, National Guard, IRS, Postal Service, and Office of Personnel Management have also been breached.
Hackers have also found their way into the systems of various state and local governments — including Albany, which was hit with a ransomware attack in 2019. They’ve gotten into computer systems for airports. Telecommunications companies. Airlines. Banks. Health care systems. Insurers. Law enforcement. Oh, and even Trump hotels, in 2014. You’d think the last president would have taken the issue more seriously.
We had hard reminders in recent days that hackers are still at work and that our defenses, public and private, are not always up to the task. What’s believed to be an Eastern European criminal outfit staged a ransomware attack on the Colonial Pipeline that supplies about half of the gasoline and jet fuel for the East Coast, causing a spike in gas prices and panic buying at the pumps.
Locally, separate cyberattacks prompted Rensselaer Polytechnic Institute to cancel final exams and other academic activity and suspend internet access, and the Guilderland School District to close school buildings and send middle and high school students back to remote learning.
Criminal ransomware attacks are bad enough. But the concern is much greater, and the stakes much higher, when it comes to hostile players compromising governmental and defense systems and critical infrastructure like pipelines, dams, communication networks and electrical grids, whose failure could wreak havoc as devastating as a traditional military attack. While federal agencies are working to comply with Mr. Biden’s order to shore up security when it comes to federal systems and software, the private sector that runs so much of the nation’s critical infrastructure must be doing the same.
A nation that terrorists showed was not so impregnable 20 years ago needs to realize these attacks are more than isolated annoyances. They are early warnings of how vulnerable the convenience of technology has made us.