Information travels through America’s cyber networks at the speed of light. The legislation that will be used to govern some aspects of network security is traveling at the speed of bureaucracy. The Senate has been debating two cybersecurity bills that will impact U.S. cybersecurity standards, and the issue might be brought to a floor debate in July. Meanwhile, hackers are enjoying a leisurely stroll through America’s digital world, perusing intellectual property, critical infrastructure and defense technology.
To be sure, it’s not just inaction in Washington that is allowing this to happen. Often, poor choices in online activity expose critical aspects of national security and technological innovation, and cyber criminals around the world are making off with competitive advantages America has worked hard to create.
Whatever Congress eventually decides, the onus is on U.S. citizens and businesses to step up their individual security efforts. That means being educated about cyber threats and taking proactive steps to stop them. Make no mistake – the United States is under constant cyber attack, not just to penetrate sensitive government networks, but to access business secrets, personal credentials and a litany of other data that can be sold to America’s competitors or manipulated to cause damage to the country. All Americans are responsible for the country’s cybersecurity.
I spoke with fellow Security Debrief contributor Steve Bucci to identify some of the important steps citizens and businesses can take to improve our country’s cyber readiness. His insights are included in my two-part article on the cyber threat to America, published on Defense Media Network.
A final note, to the skeptics: Some in the media and the public have said the cyber threat to America is being exaggerated. Since writing this two-part article (excerpt below), more than one person has commented, “you’re being paranoid,” or “hackers don’t care about me,” or even “you can’t prove all these hackers are in China.” That is exactly the kind of mentality that is allowing people from all over the world (many in China) to step right into our national databases and take whatever they want. The threat is severe; hackers are directly targeting our businesses and personal information; and the buck stops with you – with all of us. We have the capability to prevent this unparalleled theft of intellectual property, but we have to recognize our individual obligation to defend our collective security.
There is a severe and growing cyber threat to the U.S. private sector, stemming largely from hackers in China. Part 1 of this article revealed how the ongoing hacking of U.S. business networks is robbing America of its hard-earned intellectual property and innovation. The attacks are lining hackers’ pockets and allowing Chinese corporations and the government to quickly and illegally catch up to U.S. technological capabilities. This needs to end, and to achieve it, all U.S. businesses need to get serious about cybersecurity.
While cyber threats can be technologically sophisticated, there are some basic approaches all companies can take to elevate their security posture. Dr. Steven Bucci is a senior research fellow for defense and homeland security at the Heritage Foundation, previously working as a cybersecurity consultant to IBM. (He also has had a distinguished military career, including service in special operations forces, and was a civilian appointee to a deputy assistant secretary of defense.)
Given the onslaught of cyber attacks on American businesses, Bucci noted important steps for elevating private sector cybersecurity. One, he said, is awareness and education, and this goes beyond a “one-pager on threats or once-a-year cyber training.”
“I could go to almost any company in America and the majority of the employees would not be able to articulate the threat their company is under,” he said, adding that despite company security policies, threatening programs are still found throughout business networks.
“This means something is wanting in their programs – if not in substance, then in execution,” he said. “Businesses need dynamic education that changes with the changing threat.”
Employees must know what to look for when deciding if an e-mail, link or website poses a threat. Updating software, attending to computer security notices, being selective in surfing the Internet, and approaching unfamiliar communications with caution are things every employee can and should do. Many of the attacks noted in Part 1 originated with one poor choice that compromised the entire network. With up-to-date knowledge and training, these errors can be avoided.