The US Is Facing A Catastrophic Cyber Attack

Uploaded on 2020-03-31 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

The US Cyberspace Solarium Commission, a bipartisan body of lawmakers, intelligence officials and others, has claimed in its Report that the country faces multiple threats from cyber-criminals and nation states. In its new report the CSC has warned that the nation is “dangerously insecure in cyber,” and recommended a series of actions intended to avert damaging attacks on critical infrastructure and the financial system.

The US is facing a “catastrophic cyber-attack” which could create lasting damage exceeding that of the many serious fires, floods and hurricanes the country has had to endure, according to a new analysis from a federal commission.

The Report says that digital connectivity that has brought economic growth, technological dominance and an improved quality of life to nearly every American has also created a strategic dilemma.The more digital connections people make and data they exchange, the more opportunities adversaries have to destroy private lives, disrupt critical infrastructure and damage our economic and democratic institutions, the Report states.

The report notes that about 95 per cent of successful cyber-attacks are the fault of what he called “rookie mistakes that people making in configuring technology, or [poor] digital hygiene, not patching, retaining default passwords.”

Named after President Dwight Eisenhower’s 1953 Project Solarium on strategic challenges, the 182-page Report makes 75 recommendations across the public and private sector, while presenting several draft bills and proposing changes to government departments and the creation of a National Cyber Director.

“The United States now operates in a cyber-landscape that requires a level of data security, resilience and trustworthiness that neither the US government nor the private sector alone is currently equipped to provide... Moreover, shortfalls in agility, technical expertise and unity of effort, both within the US government and between the public and private sectors, are growing.”

To tackle these challenges, the commission advocated a “layered cyber-deterrence” approach designed to “shape behavior, deny benefits and impose costs.”

The first requires the US to work with allies to promote responsible behavior in cyberspace, the second, to work with the private sector to enhance security, and the third, to retain the capacity to retaliate against enemies in cyberspace.

The Reports strategy outlines three ways to achieve this end state:

  1. Shape behavior The United States must work with allies and partners to promote responsible behavior in cyberspace.
  2. Deny benefits The United States must deny benefits to adversaries who have long exploited cyberspace to their advantage, to American disadvantage, and at little cost to themselves.
    This new approach requires securing critical networks in collaboration with the private sector to promote national resilience and increase the security of the cyber ecosystem.
  3. Impose costs The United States must maintain the capability, capacity, and credibility needed to retaliate against actors who target America in and through cyberspace.

US Future

The report stated that neither the US government nor the private sector is prepared to meet today’s cyber threats and that existing shortfalls in preparedness are getting worse. Therefore, the status quo in cyberspace is unacceptable. The current state of affairs invites aggression and establishes a dangerous pattern of actors attacking the United States without fear of reprisal. Adversaries are increasing their cyber capabilities while US vulnerabilities continue to grow.

There is much that the US government can do to improve its defenses and reduce the risk of a significant attack, but it is clear that government action alone is not enough.

Lawfare:       Infosecurity Magazine:      Claims Journal:     IT World Canada

You Might Also Read:

Top Six Cyber Secure Countries:

A New Age of Warfare:

 

 

« Container Shipping Gets A Cyber Security Mandate
Artificial Intelligence, Automation, Training & Jobs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Wizlynx Group

Wizlynx Group

Wizlynx services cover the entire risk management lifecycle from security assessments and compliance to the implementation of security solutions and provision of Managed Security Services.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

World Congress on Industrial Control Systems Security (WCICSS)

World Congress on Industrial Control Systems Security (WCICSS)

The World Congress on Industrial Control Systems Security (WCICSS) is focused on emerging trends in protection of industrial control systems.

TM One

TM One

TM One is the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM) Group.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

Bolster

Bolster

Bolster (formerly RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Palmchip

Palmchip

Palmchip is a Cyber Security, SOC and Software consulting company. We design and develop high performance and secure applications.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.