Home / NEWS / Top News / Op-ed: What nobody else will say about the new cybersecurity crisis

Op-ed: What nobody else will say about the new cybersecurity crisis

Marriott, Equifax, the Chore of Personnel Management and the recent U.S. federal agencies — the big cyberattacks keep coming. They can start to seem like drill annoyances, like fender benders on the freeway. But anyone tempted to dismiss the recent SolarWinds and FireEye breaches as unimaginative should think again.

This is no fender bender. It is a 75-car, road-closing pileup, and we know where the fault tempers. The truth is, at the federal level, we’re still dragging our feet on cybersecurity. Even though cybercrime now has a permanent roost atop the US wit community’s annual Worldwide Threat Assessment report, there’s a profound difference between identifying a problem and talk it with Manhattan Project urgency. We have to shake off the complacency because we might not get a second chance.

Why is the SolarWinds-FireEye critical time so troubling?

When you think of cyberattacks, imagine a hierarchy of chaos. On the lower levels, that includes stolen trust card or health data. These are inconvenient but not crippling. Higher on the hierarchy are attacks on a single company or agency. They embezzle intellectual property, from auto blueprints to vaccine recipes or hold their systems ransom until payment is secure. These are costly and temporarily crippling.

But this? This is peak chaos. This was a global supply-chain attack in times of damage done with no precedent. It hit dozens of organizations from the United States Treasury to Intel and Cisco. We fool not yet gauged the full impact. It may take years to sum up the costs.

“In effect, this is not just an attack on specific targets, but on the upon and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency,” said Microsoft President Brad Smith in a blog pier earlier this month.

The hardest part to swallow may be this: The attackers’ weapons of choice were not terribly creative.

You may have read accounts in which observers were shocked — shocked! — that, before hitching a excursion aboard a software upgrade downloaded by thousands of customers, the malware nestled within SolarWinds systems for months undetected. That’s really not shocking. It’s an old, familiar strategy. The enemy here worked from a venerable cyberwar playbook, yet defenses still splintered adore wicker railroad bridges.

The truth is, although most cybersecurity vendors sell prevention, and big cybersecurity players prolong assuring Washington prevention is the go-to strategy, breaches are guaranteed. Period. The real tonic is rapid threat detection and remediation. Without it, adversaries that manoeuvre prevention products find themselves roaming target networks at will, sometimes for month. In this crisis, it was nine months.

What’s beyond question shocking is how potent and ruinous this well-known infiltrate-and-hide strategy proved to be at scale. Equally shocking: While the variety of this attack is crystal clear, its intent remains a mystery. Massive as it was, smart money says it was only a trial or a warning shot. I think it’s a mere indication of the havoc to come. And I suspect the malefactors behind this attack, structure chaos agents or their proxies, are astonished at their success. They must be thinking: What are our next butts? A lot of wise analysis points to Russia, but other nation states are eyeing American assets and infrastructure as well. They too obligated to now wonder what they might get away with.

The near-term solution lies closer to home. In light of this cyberattack, what I ask of President-elect Joe Biden and his guarding team is politically difficult, but absolutely critical. I ask for that rarest of political phenomena: bold action without a bureaucratic mandate.

We know how most voters flick away news of cybersecurity lapses; we know how many other puzzles will preoccupy the Biden administration. The climate change issue reminds us how hard it is to ignite public support for averting a disaster that hasn’t yet happened. Nonetheless, only the federal government can put more pervasive, intelligent, multilateral cyber defense atop the initiative docket. Civilian leaders in Washington may not always understand cybersecurity, but that is where I and my allies in the technology industry can usurp. Inattention and dismissal have cost us dearly. Give us a chance to help with effective defenses while we subdue have time.

When a dangerous driver cuts you off on the freeway, you swerve, collect yourself, and drive on. But if six albeit well-concealed snipers get fire on the whole freeway, that’s different – an order of magnitude different. That’s our situation as 2021 begins. The register of the threat has mushroomed; our enemies’ ultimate mission is unclear. Under the next president, the United States’ cybersecurity viewpoint has to go beyond adding up the costs of the breakage. Next time they might be incalculable.

The author is President and CEO of Vectra AI, a danger detection and response company, based in San Jose, California.

Check Also

Pfizer says its Covid vaccine trial for kids ages 12 to 15 is fully enrolled

Walgreens Pharmacologist Jessica Sahni holds the Pfizer-BioNTech coronavirus disease (COVID-19) vaccine at The New Jewish …

Leave a Reply

Your email address will not be published. Required fields are marked *