The US Is Facing A Catastrophic Cyber Attack

Uploaded on 2020-03-31 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The US Cyberspace Solarium Commission, a bipartisan body of lawmakers, intelligence officials and others, has claimed in its Report that the country faces multiple threats from cyber-criminals and nation states. In its new report the CSC has warned that the nation is “dangerously insecure in cyber,” and recommended a series of actions intended to avert damaging attacks on critical infrastructure and the financial system.

The US is facing a “catastrophic cyber-attack” which could create lasting damage exceeding that of the many serious fires, floods and hurricanes the country has had to endure, according to a new analysis from a federal commission.

The Report says that digital connectivity that has brought economic growth, technological dominance and an improved quality of life to nearly every American has also created a strategic dilemma.The more digital connections people make and data they exchange, the more opportunities adversaries have to destroy private lives, disrupt critical infrastructure and damage our economic and democratic institutions, the Report states.

The report notes that about 95 per cent of successful cyber-attacks are the fault of what he called “rookie mistakes that people making in configuring technology, or [poor] digital hygiene, not patching, retaining default passwords.”

Named after President Dwight Eisenhower’s 1953 Project Solarium on strategic challenges, the 182-page Report makes 75 recommendations across the public and private sector, while presenting several draft bills and proposing changes to government departments and the creation of a National Cyber Director.

“The United States now operates in a cyber-landscape that requires a level of data security, resilience and trustworthiness that neither the US government nor the private sector alone is currently equipped to provide... Moreover, shortfalls in agility, technical expertise and unity of effort, both within the US government and between the public and private sectors, are growing.”

To tackle these challenges, the commission advocated a “layered cyber-deterrence” approach designed to “shape behavior, deny benefits and impose costs.”

The first requires the US to work with allies to promote responsible behavior in cyberspace, the second, to work with the private sector to enhance security, and the third, to retain the capacity to retaliate against enemies in cyberspace.

The Reports strategy outlines three ways to achieve this end state:

  1. Shape behavior The United States must work with allies and partners to promote responsible behavior in cyberspace.
  2. Deny benefits The United States must deny benefits to adversaries who have long exploited cyberspace to their advantage, to American disadvantage, and at little cost to themselves.
    This new approach requires securing critical networks in collaboration with the private sector to promote national resilience and increase the security of the cyber ecosystem.
  3. Impose costs The United States must maintain the capability, capacity, and credibility needed to retaliate against actors who target America in and through cyberspace.

US Future

The report stated that neither the US government nor the private sector is prepared to meet today’s cyber threats and that existing shortfalls in preparedness are getting worse. Therefore, the status quo in cyberspace is unacceptable. The current state of affairs invites aggression and establishes a dangerous pattern of actors attacking the United States without fear of reprisal. Adversaries are increasing their cyber capabilities while US vulnerabilities continue to grow.

There is much that the US government can do to improve its defenses and reduce the risk of a significant attack, but it is clear that government action alone is not enough.

Lawfare:       Infosecurity Magazine:      Claims Journal:     IT World Canada

You Might Also Read:

Top Six Cyber Secure Countries:

A New Age of Warfare:

 

 

« Container Shipping Gets A Cyber Security Mandate
Artificial Intelligence, Automation, Training & Jobs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Spirion

Spirion

Spirion offers data discovery, classification, and protection tools for your business's privacy, security, and compliance program to avoid gaps and risks.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

MNCERT/CC

MNCERT/CC

MNCERT/CC is the national Computer Emergency Response Team for Mongolia.

Base Cyber Security

Base Cyber Security

Base Cyber Security is an information and cyber security talent service provider and career specialist.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

Spike Reply

Spike Reply

Spike Reply is the company within the Reply Group focusing on cybersecurity and personal data protection.

Gradient Cyber

Gradient Cyber

Gradient Cyber is a trusted cybersecurity partner specializing in small businesses and mid-market enterprises concerned about cybersecurity but lacking the staff to give it the attention it deserves.

V3 Cybersecurity

V3 Cybersecurity

V3 Cybersecurity is a unique company focused on contextualization of security programs from a business perspective. Our mission is to provide enterprise IT Risk Management capabilities.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

EPAM Systems

EPAM Systems

Since 1993, EPAM Systems has leveraged its advanced software engineering heritage to become a leading global digital transformation services provider.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

Anetac

Anetac

Developed by seasoned cybersecurity experts, the Anetac Identity and Security Platform protects threat surface exploited via service accounts.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.