On March 21 2018, Congressmen Ted Lieu (D- LA County) and Ted Yoho (R-FL) both announced the introduction of a bill called “Hack Your State Department Act”. Lieu and Yoho are both trying to ramp up support for the act in lieu (no pun intended) of the increased amount of cyber attacks from China and other foreign powers.
China, one of the more larger nation states who have been increasingly on the offensive in terms of using cyber weaponry, are in the process of leaving the United States in the dust. Besides advances in cyber capabilities, is the brazen number of attack the United States faces from China alone: and these attacks are hugely successful.
Chinese military hackers (as well as third party hackers hired by the Chinese government) in recent years have stolen the most technologically advanced information the United States has, including plans for the stealth fighter jet the F-35. These hacked plans and technologies were later seen in China’s new stealth fighter, the J-20. Not only is China successfully stealing our stealth fighter jet projects, but also successful in entrenching themselves in our political institutions: senior US politicians emails have been infiltrated by Chinese military hackers.
And this is only what the public is allowed to know: only the military, private contractors and domestic agencies know the true extent of the damage dealt by these cyber attacks. Case in point, Congressmen Lieu’s and Yoho are seeking to minimize the cyber vulnerabilities and damage as much as possible.
Lieu explains: “As one of only four Computer Science majors in Congress, I recognize we have a lot of work to do to ensure the U.S. Government is on the cutting edge of combating cyber threats. We’re a global leader on so many fronts and that should include cybersecurity.”
Yoho adds: “You are only as strong as your weakest link. Vulnerability to cyber-attacks has been and continues to be a serious threat to our national security. It is vital that we do all we can to find the weak links in our government systems and fix them as fast as possible.”
Both Lieu and Yoho have found some support already:Katherine Charlet (Director of Carnegie’s Technology and International Affairs Program and former Acting Deputy Assistant Secretary of Defense for Cyber Policy) as well as Ari Schwartz (Coordinator of Coalition for Cybersecurity Policy and Law and Former Special Assistant to the President for Cybersecurity at the National Security Council).
The bill advocates that white hat hackers should be encouraged to find bugs in the US State Department computer systems for bounties ; this stems from a 2017 report called “Report to the President on Federal IT Modernization” made by President Trumps administration whereby they recommended that “agencies should establish vulnerability disclosure policies and set up private bug bounty programs.”
But will white hats actually be the answer to strengthening the nations cyber vulnerabilities in our agencies computer systems? No, the bill is in actuality a “cry for help” because Lieu and Yoho , as well as many of the nations top cyber experts, clearly recognize the fact that the United States is in dire straits in terms of cyber strength.
Enter the Defense Departments answer: the Cyber Mission Force. In response to the rise (and severity) of Russian,Chinese, etc cyber attacks, the Defense Department created this Cyber Mission Force that is comprised of 6,000 personnel that will be made into 133 teams. These 133 teams will be spread out across all branches of the military and National Guard. These teams will slowly integrate into their assigned units over the course of the year.
The intent of the CMF is to strengthen the cyber defense networks of the military, and prevent, discourage or completely stop these cyber attacks. Wholly defensive, some question if the US should become more of a cyber offensive power and give the previously mentioned nation states a taste of their own medicine.
In actuality, it has been more of an unspoken call in judgement by past and present Presidential administrations to not use cyber tools offensively and instead bolster our research/development and cyber defenses.
Nevertheless, as time has gone on, the issue of cyber security has become more than a hot button topic: it has become a reality that virtually no company is safe from. Case in point: every single Fortune 500 company has been a victim of cyber attack. Even more disturbing is that 77% of global business leaders admit they dont have any formal cybersecurity incident response plans.
So what can be, or should be, done? Well, the US certainly has to strengthen their cyber resolve. Allowing China and Russia to continue their wanton attacks without repercussion will cost us and our allies dearly. Even NATO is trying to shore up their cyber defenses. NATO is creating Atlantic and European cyber commands: an Atlantic command headed by the US to protect undersea cables and European command headed by European countries supporting military mobility.
No more can the US be in the back seat in regards to cyber. The faster we allocate our resources properly, the sooner we can bounce back and over take China and Russia. Though it may take time, the results will be worth it.
SOURCES USED IN THE WRITING OF THIS ARTICLE
http://www.nextgov.com/ideas/2018/04/will-us-ever-switch-cyber-defense-offense/147146/
https://www.afcea.org/content/nato-strengthens-its-cyber-stance
This is Mr.Fatso speaking... 