The Biden Administration Must Make Cyber Security a Top Priority
On May 3, 2021, former President Donald Trump released a statement. He said, “The Fraudulent Presidential Election of 2020, will be, from this day forth, known as THE BIG LIE!” [1]. This sentiment captures the spirit of all the election challenges that have occurred, and the narrative propagated by Trump allies which hinges on conspiracy theories surrounding Dominion Voting Systems. Trump’s people have claimed that these voting machines were somehow compromised or that they were engineered to report incorrect vote totals. Of course, these claims are all unequivocally false. But they do raise a broader question: should the United States Government be doing a better job with cybersecurity? The answer is a resounding yes. Failures of public institutions to safeguard sensitive information are all around us. Readers who are students of a college in the University of California system may have recently received a notification that their social security numbers were potentially stolen in a recent data breach. This is just one of a number of incidents regarding public institutions in which hackers have been able to do a startling amount of damage. Although the newly sworn in Biden Administration is dealing with issues on many policy fronts, one of its top priorities must be cybersecurity.
Our lives, and this is especially true for those of us in Generation Z, are increasingly governed by digital technology. For the country as a whole, portions of our critical infrastructure, including power grids, oil refineries, and factories, are controlled by computers. It is also a fact that all computers have the potential to be hacked. This exact scenario played out during what has become known as the “SolarWinds attack.” In early 2020, “hackers secretly broke into Texas-based SolarWind's systems and added malicious code into the company's software system” [2]. The reason this particular attack was so significant is the fact that the compromised software is used in systems that have a part in operating the pieces of infrastructure mentioned above, as well as systems managed by the federal government. It is true that “US agencies — including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury — were attacked” [2]. We have since come to realize that this attack was carried out by Russia. We also now know that the attack went undetected for “six to nine months” [3]. This example illustrates how crucial it is for our country to have a strong cybersecurity posture.
One reason that the current state of affairs involving cybersecurity in the federal government is so lacking comes from the policies of the previous administration, which refused to take cybersecurity seriously. Examples of the Trump administration’s lax stance on cybersecurity, or perhaps even disdain for common sense cyber policy, can be seen through the following actions from the Trump FCC. They “Stopped the Commission order to address known security flaws in the Emergency Alert System …”, “Eliminated requirements that companies protect from cyberattack the personal information they collect from customers…”, “Rescinded the ongoing inquiry regarding how to make 5G networks secure…” [4], and more. Needless to say, the Biden Administration has its work cut out for it in making sure that alongside the nation’s physical infrastructure, our digital infrastructure gets the upgrade that it so desperately needs. Of course, the Biden Administration has its hands full dealing with one of the direst public health crises in over a century, as well as a large influx of migrant families at the border, an increasing frequency of mass shootings, and an epidemic of injustices committed against people of color at the hands of police. These are all incredibly important problems to tackle, and it is good that Biden’s administration is taking on those challenges. But the gaping holes in the nation’s cyber defenses brought on by the previous administration’s extremely insufficient policies in that area also need to be addressed as soon as possible.
There are technical solutions to the cyber challenges that we face. In researching this article, I talked to a friend of mine, who has many certifications in areas related to cyber security, about what exactly we could be doing better. She told me that many of the applications that operate our critical infrastructure “have not been patched or updated in years” [5]. Furthermore, these applications are running on outdated operating systems that are no longer supported by vendors [5], meaning that they no longer produce patches for these OSes. Users of iPhones or other Apple products are constantly reminded that they have a new update to install, usually with some summary of what is to be updated. Almost always, there is some mention of bug fixes or security patches. If our cell phones have to be patched this often, then it makes sense that the computers operating our power grid, or the servers safeguarding highly sensitive data should be held to the same standard. Getting our nation’s digital infrastructure to keep up with the times is not going to be an easy feat. It is going to take lots of time and money to accomplish, but the “US government needs to allocate [the] funding for upgrading the critical infrastructure NOW” [5] (emphasis in original).
In order to implement the outlined technical solutions, the federal government needs to hire lots of personnel, and Congress needs to be setting aside money for this purpose. Updating operating systems, while essential for security purposes, can also break the applications running on those systems. We need knowledgeable personnel to be able to tackle the issues that arise during the modernization of our cyber infrastructure. One potential way of obtaining the necessary manpower is for the US Government to partner with private enterprise to assist in the modernization effort. There are companies that can assess legacy software systems and identify potential areas of vulnerability [5]. By partnering with companies in that line of work, our cyber people can then triage systems, and roll out modernizations in an organized fashion, with the most seriously flawed systems being fixed first. The US Government should also consider adopting more applications that are Free Open-Source Software (FOSS) where possible. One large benefit of FOSS is that software with a large community user base, with lots of people maintaining and contributing code, will have more people regularly reviewing the code for bugs and security flaws, which helps even on cutting down on the number of potential attack vectors. Again, this gets back to a problem of manpower and expertise to be able to find and evaluate new software to be onboarded onto government systems.
It is well past time that the government start taking more action on the cybersecurity front. That means it is time for Congress to open the purse strings, and it is time for government agencies to begin hiring the best people and partnering with the best companies in the tech industry. Finally, it is time that the federal government embraces FOSS, which are continuously evaluated for bugs and vulnerabilities. Threats to national security are now not only from violent military action, but from cyberspace as well, and we cannot be truly secure as a nation until all those threats are addressed.
Sources
[1] Sotomayor, Marianna, and Colby Itkowitz. “Liz Cheney Slams Trump's Attempt to Brand 2020 Election 'the Big Lie'.” The Washington Post. WP Company, May 3, 2021. https://www.washingtonpost.com/politics/cheney-trump-election-mccarthy/2021/05/03/41ca672c-ac21-11eb-ab4c-986555a1c511_story.html.
[2] Jibilian, Isabella. “The US Is Readying Sanctions against Russia over the SolarWinds Cyber Attack. Here's a Simple Explanation of How the Massive Hack Happened and Why It's Such a Big Deal.” Business Insider. Business Insider, April 15, 2021. https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12.
[3] Bossert, Thomas P. “I Was the Homeland Security Adviser to Trump. We're Being Hacked.” The New York Times. The New York Times, December 17, 2020. https://www.nytimes.com/2020/12/16/opinion/fireeye-solarwinds-russia-hack.html?action=click&module=Opinion&pgtype=Homepage.
[4] Wheeler, Tom. “Protecting the Cybersecurity of America's Networks.” Brookings. Brookings, February 11, 2021. https://www.brookings.edu/blog/techtank/2021/02/11/protecting-the-cybersecurity-of-americas-networks/.
[5] Interview