It’s no longer cliché to think of cybersecurity as an arms race. Cyber-attackers and their victims have been scrambling for a leg up over each other for ages, so governments are noticeably ramping up their levels of intervention. And rightly so.
The U.S. Defense Department is already working with executives from high-frequency trading firms and others on Wall Street, exploring how hackers might exploit market vulnerabilities, according to The Wall Street Journal last weekend. There are even bills in Congress to help the SEC improve cybersecurity and empower hacking victims, as well as an EU data privacy regulation that goes into effect next year.
“Regulators are training their sights on policies, practices and people,” Financial Advisor stated last week, noting the SEC’s renewed focus on its own cybersecurity — and that of others. “The agency is making it increasingly clear that it expects those it regulates to up their games as well.”
Government mandates for cybersecurity are increasingly essential as threat actors continue to change tactics. For example, a group responsible for billions of dollars in cyber-theft across the globe has recently escalated its game, making its intrusions even more difficult to detect.
The Evolving Cyber-Battlefield
More than half (58 percent) of small businesses in a survey released last week had been hacked, but most of the victims didn’t even realize it until after researchers showed them a list of cyberattack methods. And hackers have found other ways to sneak into your network — apart from your laptops and mobile devices — including the IoT sensors you use to collect massive volumes of critical, useful data.
“Industrial Internet of Things (IIoT) brings many great things to the table … a plethora of functions designed to make modern plants functional and streamlined,” PACE stated last week. “However, modernizing manufacturing plant to include the IIoT also means it will become vulnerable to cyber-attack.”
Other cybercrime evolutions include skyrocketing sales of nefariously lucrative ransomware on the dark web — up more than 2,500 percent since 2016 — according to a report released last week. This out-of-the-box technology doesn’t require much software savvy, and increasingly popular cryptocurrencies such as bitcoin offer unprecedented anonymity to perpetrators.
But U.S. officials want to undercut that anonymity.
Are the Bad Guys Winning?
The FBI is trying to expose hackers, especially those of the state-sponsored and organized criminal varieties, according to Nextgov this month. And the bureau’s cyber response team isn’t messing around; the penalties it seeks for cyber-attackers include public shaming, prison sentences and even “battlefield death.”
Some of those state-sponsored actors are going after U.S. elections, the Department of Homeland Security stated last month. So researchers associated with the DEF CON hacking conference — where hackers successfully breached more than 25 pieces of election equipment this year — announced last week that cyber-community members will team up with national security leaders, academic institutions and others to seek ways of making U.S. elections more secure.
“No matter the level of nation-state hacking or interference in 2016, if our enemy’s goal is to shake public confidence about the security of the vote, they may already be winning,” the DEF CON report stated.
So the government is putting its money where its mouth is, increasing cyber-spending from about $20 billion this past year to about $43 billion by 2020, according to Federal News Radio this month. But growth in cyber-defense — actions that prevent an attack — may be slowing in favor of building up cyber-resilience, an agency’s ability to continue operations during an attack.
An Act of War
Government responses to cyberattacks still haven’t gone far enough, according to a former U.S. Secretary of State and 2016 presidential candidate.
“Cyberattacks on vital information sources should be treated as an act of war,” Hillary Clinton said at Stanford University this month. “The Russians are working to turn Americans against each other … they want to fan the flames of division and weaken us.”
Clinton’s words may have taken on more significance on Tuesday, when Business Insider revealed that FBI special counsel Robert Mueller had interviewed a cybersecurity researcher regarding e-mail messages stolen from Clinton during the election. Meanwhile, both major American political parties’ national committees have amped up their cybersecurity efforts, The Hill noted this month.
For example, in the two months since former Uber executive Raffi Krikorian took over IT operations for the Democratic National Committee, staffers have ditched text messages in favor of a secure messaging app, and they’ve started running cybersecurity drills. But even if they’re on more secure footing than last year, they’re still on guard.
“No security person would ever admit that they are confident or not confident,” Krikorian told The Hill. “It’s an arms race.”