July 19, 2016
Much has been made of cyber threats that many organizations face these days, but many people assume that while businesses can fall to hackers, at least the government has the right defenses in place. But that assumption might actually be mistaken. Just as private companies have to worry about cyber attackers, the U.S. government and other local governments have plenty of concerns about the capabilities of today’s hackers. In fact, in many cases governments might be at a significant disadvantage when compared to private organizations. When looking at the current threats that continue to crop up, the U.S. may be falling behind at an alarming pace.
The biggest concern most government officials have is for much of the country’s critical infrastructure. That includes water systems and power grids. Just last year, a major cyber attack was able to cut the power to millions in western Ukraine. Investigations showed that it was a highly coordinated attack where a computer virus infiltrated electricity companies in numerous regions. The same type of attack could happen here, and as the NSA chief says, it’s really only a matter of time before such an attack occurs.
Protecting the critical infrastructure of the United States is far easier said than done. It requires a lot of cooperation and collaboration between the federal government, local governments, and private companies. If only one factor in that equation doesn’t plan well for the threat, hackers will exploit the weakness. For the moment, it appears one of the biggest weak spots lies with state governments. Cyber security experts say that most states only allocate around 1 to 2 percent of their overall IT budget to cyber security, which is minuscule compared to the 15 percent set aside at the federal level. While many state governments would no doubt like to take the latest cyber threats seriously, they need the funds in order to hire the top cyber security workers for their institutions. Without that funding, little can be done to improve security.
Part of the issue is how complex the problem turns out to be, especially in the variety of threats out there. Not only does the U.S. have to worry about opportunistic hacker groups (like what happened in Ukraine), but foreign governments have set their sights on U.S. government targets. Russia is considered by many in the intelligence community as the top cyber threat the United States faces today. Cyber experts believe that Russia is able to operate through many front companies in order to infiltrate U.S. networks and gain intel on the U.S. in that manner. China is another threat that needs to be taken seriously. Unlike Russia, China is more interested in trying to gain a bigger edge on the economic scene by stealing information about products and systems. With each country having different goals, it becomes more difficult to plan the right defenses to repel attackers.
Beyond the outside threats the U.S. has to confront, there is growing concern over the threats coming from insiders. This could be done through foreign agents who have infiltrated a company, or it may be the result of careless thinking by unwitting government workers. Either way, the risks that may come from within are too often overlooked, prompting the government to take the time to focus their efforts on defending against them. A recent survey from Symantec showed that 76 percent of respondents are working to focus more on insider threats, with more than half actually having an insider threat program that details what to do in worst case scenarios. These are of course a good start, but more work is needed to ensure that the most important systems are well protected from threats both external and internal.
To truly combat the numerous cyber threats the U.S. now faces, a closer relationship between the private sector and government will need to exist. This will lead to an easier exchange of cyber threat information, and with more knowledge of what’s out there, the more effective security measures can be made. There can also be increased funding for technology training programs, giving organizations and individuals the skills needed to recognize where threats are and what to do about them. With this combination of strategies, every piece of infrastructure, from water treatment plants to software defined storage equipment, will have the protection needed to stand up to these threats. The U.S. won’t have to feel like it’s falling behind at all.
Did you like this article?
Get more delivered to your inbox just like it!