Cybersecurity: A Pressing Concern
November 21, 2015
“We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
National security has been increasingly evolving towards the field of technology and protection against new technologies. Since the turn of the century, an emphasis on internet-related warfare and malicious attacks has surged. This notion of a “blood-less war” has led to an increased focus on the capabilities of using the internet to facilitate long-range malicious attacks. Recently, the US State Department has been in the process of discussing the status of cyber security with China, and made a breakthrough by cementing a deal last month. While discussions and agreements surely form a basis for communicating foreign policy sentiment, a comprehensive long-term strategy lies in bolstering cybersecurity specific funding and placing an emphasis on security-related education.
While the threats of cyber security often make the headlines, funding for cybersecurity remains on the backburner. The Department of Homeland Security spends a modest 3% of its yearly budget on cybersecurity. Other agencies such as the Department of State and NASA spend even less. Experts in the field routinely critique the poor funding as neglecting the importance of sensitive data. Estimates suggest that the rate of cyberattack incidents has risen at least twelve-fold since 2006. As a whole, evidence suggests a large-scale issue. China dominates policy chats because of the magnitude of cyber-attacks that have originated from Chinese based IP addresses. According to the State of the Internet study and other pertinent sources, China has been the leader in Distributed Denial of Service (DDoS) attacks for years. Granted, local attacks should not be glossed over and ultimately geographical origin plays little role in the bigger picture. Regardless of distance, hackers still use a similar toolkit of schemes and the same primary forms of attacks.
A disregarded agreement
Within days of agreeing to refrain from malicious cyber security attacks, allegations suggest that China may have already broken word. CrowdStrike, a security based provider, claimed that it intercepted numerous attacks originating from China. The crux of the issue lies in the difficulty in attributing attacks as originating from government agencies or from private organizations, and frequently their origin remains purely speculative. As surveillance technologies become more powerful, identification of government affiliated organizations will become more accurate and reliable. For the time being, continued attacks from Chinese government IP addresses will continue to setback US and China relations.
At the heart of the matter is the United States’ lack of initiative. Earlier this year, an Office of Personnel Management audit recognized that the governmental organization had unsecured databases merely weeks before Chinese hackers gained access to the system. Adding to the irony, this vulnerability had been identified in 2007, yet was not addressed for years. Lack of action implies apathy toward securing the intelligence repositories against cyber-attacks. Tangentially, many other federal agencies have yet to update their databases, relying on the excuse that updating “the government’s antiquated environment was difficult and very time consuming.” However, if the infrastructure is so aged, is it not time to recreate the security system from the bottom up rather than waste resources salvaging an environment that cannot be one-hundred percent secure?
Going Forward Using Legislation
As of 2015, the global cybersecurity market is defined by a market cap of at least $77 billion, including both private and public spenders. In the United States, these spenders work largely independently - each seeking to narrow-mindedly secure its data from cyberattacks. This current structure, however, leads to a waste of resources and a lack of efficacy considering the potential for added protection if the now independent parties created a coalition. A bill currently in the House, the Cyber Intelligence and Sharing Protection Act (CISPA), seeks to allow collaboration between the federal government and private companies by sharing internet traffic data. While opponents argue that this legislation will give the government too much power to encroach on civil liberties, such a bill could prove useful in monitoring and defending against foreign attacks. Proponents of a bill that facilitates collaboration argue that it could provide the linkage needed to strengthen the security resources of potentially all American victims of cyber-attack.
Going Forward Using Education
Cybersecurity is primarily a race to invest in human capital since innovative computer scientists and experienced coders design most of the mechanisms to protect infrastructure. As such, the emphasis should be placed on education, especially in computer science. Over the past few years, more and more schools have adopted niche programs to train college students in cyber-security. Earlier this year, Vice President Biden inaugurated a new program with 25 million dollars in funding that focuses on educational program funding and institutional research. Some scholars have compared this trend in promoting cyber-security education “to the effort to upgrade science and mathematics education in the 1950s.” The sharp increase in cyber attacks recently suggests that the issue of cybersecurity will continue to be a pressing concern, and investing in the root, through education, will prove prudent years from now.
Student Blog Disclaimer
The views expressed on the Student Blog are the author’s opinions and don’t necessarily represent the Penn Wharton Public Policy Initiative’s strategies, recommendations, or opinions.