Cyberattacks, not North Korea, pose greatest security threat

Based on the news, one would think the greatest threat to our nation is North Korea’s looming capability to strike the continental United States with nuclear tipped intercontinental ballistic missiles (ICBMs).

While the Hermit Kingdom’s ability to launch missiles with miniaturized nuclear payloads that can reach the U.S. is alarming, another threat to our national and economic security — targeted cyberattacks by state-sponsored advanced persistent threat (APT) groups and terrorist and criminal non-state actors — is being overlooked.

{mosads}It is now well established that in 2016, Russian operatives hacked the Democratic National Committee (DNC) and the Clinton campaign as part of a larger effort to interfere with the U.S. general election and undermine confidence in America’s democratic institutions. While covered extensively in the aftermath of the elections, this is just the tip of the cybersecurity-threat iceberg our nation faces — a threat that should concern every American.

There are a growing number of cyber threats, both to America’s economic and national security and the security of every citizen.

U.S. critical infrastructure for example, remains vulnerable to online threats. In 2013, Iranian hackers gained access to the Bowman Avenue Dam in New York as part of a plot that also affected 46 of America’s largest financial institutions. America’s power grid, the integrity of our water supply, environmental catastrophe, manufacturing shutdowns, undermining of the financial sector and destabilization of the transportation sector top the list of priority targets that are constantly under threat of cyberattack. 

Protecting intellectual property (IP) is also essential to America’s global technology competitiveness, economic health and military superiority. Once stolen, the huge investments enabling IP creation cannot be recovered, eroding businesses and weakening our national security and economic integrity. 

Perhaps of greatest concern may be both the classified and sensitive unclassified government information that is at risk to cyberattack. In 2014, the Office of Personnel Management (OPM) was the target of one of the largest data breaches in history when Chinese hackers stole personal records, including social security numbers, from over 22 million people.

In 2015, the chairman of the House Intelligence Committee stated that the Department of Energy alone had been successfully hacked 159 times, and in 2016, there were major data breaches carried out by hackers against the Department of Homeland Security (DHS), the FBI, Treasury Department and various U.S. voter databases. 

If the past few years have been any indication, cyberattacks are only going to increase in frequency, and more must be done to prevent them. There are a number of critical issues that must be urgently attended to in order to address the vulnerabilities that exist in our cyber infrastructure today.

Nefarious APT activities, conducted by state-sponsored adversaries inside networks can go unnoticed for months without detection. The inability to rapidly detect unauthorized network access is a major security flaw. Enhanced security measures, such as endpoint detection, exist but are sometimes unable to be implemented effectively. Investments should be made to replace antiquated systems, and software program managers must recognize and mitigate this risk to their platforms. 

Denial-of-service attacks that disrupt or threaten to disrupt network services will only continue to become more prevalent as Internet of Things (IoT) systems become more popular. Security features and patches should become more commonplace to ensure that these devices are not exploited.

Despite its vulnerability, the government’s “.gov” domain remains susceptible to cyber threats. In 2008, Congress mandated creation of the National Cybersecurity Protection System (NCPS) to protect the .gov domain from cyberattacks.

Current NCPS capabilities, operationally known as the EINSTEIN program, are a discontinuous set of contracts with different contractors charged with different tasks assigned to various internal operators, with no single entity responsible for the overall effectiveness of the system. This patchwork system has led to glaring holes in security, exposing a vast number of government sites to cyber risks such as the OPM attack. 

With no commanding entity responsible for securing the safety for thousands of .gov platforms, Congress directed DHS to take the lead in centralizing the .gov cyber security effort. In 2014, DHS first solicited proposals for the Development, Operations, Maintenance (DOMino) security program to overhaul EINSTEIN and provide much-needed cybersecurity cover to at least 100 civilian agencies. 

Three years later, EINSTEIN remains unchanged, even though one company has been selected for the DOMino contract on three separate occasions despite competitor protests. After more than three years of continuing risk exposure for government websites and networks, it’s time to move forward with the DOMino program and start more effectively countering the constant and evolving threat from cyberattacks.

The cyber threats we face will only become more serious unless the private sector and government take strong and decisive actions to stop the attackers and the methods they employ. By taking many of the measures outlined above, America can avoid complacency and be better equipped to ward off the next cyberattack. 

Michael Marks is the former assistant director of the Office of Science and Technology Policy and a former senior policy advisor to the undersecretary of State for security assistance, science and technology.

The views expressed by contributors are their own and not the views of The Hill.