Cybersecurity: Can Biden do at least this right?
In the ever-evolving landscape of digital technology, cybersecurity remains a cornerstone issue, critical to both national security and individual privacy. Especially in this time of heightened international conflict, in many instances, weaker and poorer countries are looking to focus their attacks in the cyber sphere in the form of infrastructure breaches that can prove to have wide-ranging consequences.
As we begin to navigate through 2024, cybersecurity trends that emerged in 2023 are reshaping the way we understand and confront digital threats. In this context, it becomes imperative to assess the effectiveness of the Biden administration in tackling these challenges, especially as the current regime struggles with even the basic tenets of securing the nation from virtually every kind of danger that exists.
What Are the Primary Emerging Trends in Cybersecurity?
Rise of AI-Driven Threats: Artificial Intelligence (A.I.) is increasingly being used by cyber criminals to automate attacks, create more sophisticated malware, and execute phishing campaigns with alarming precision. The evolution of A.I. means threats are becoming more adaptive, capable of learning from defensive measures and evolving accordingly.
Increased State-Sponsored Cyber Attacks: Geopolitical tensions are manifesting in the cyber realm, with nation-states either directly engaging in or sponsoring cyber attacks. These attacks are aimed not only at causing immediate disruption, but also at long-term espionage and data theft.
The Expanding Internet of Things (IoT) Vulnerability: As the IoT ecosystem continues to grow, so does the attack surface for cyber criminals. Many IoT devices lack robust security measures, making them easy targets for network infiltration and data breaches. Many of these devices are outfitted by default with Microsoft applications, and recent changes at the tech giant may serve to either improve security or further invade the privacy of private citizens’ data.
Remote Work and Security Gaps: The post-pandemic world has seen a permanent shift toward remote work, which brings its own set of cybersecurity challenges. Organizations are grappling with securing remote access, ensuring data protection, and educating employees about security best practices.
Ransomware and Data Harvester Evolution: Ransomware attacks have become more sophisticated, with attackers targeting critical infrastructure and demanding higher ransoms. Additionally, increasingly sophisticated data-harvesters like Prime Stealer have become adept at seizing digital wallets, as the rise of cryptocurrency makes for a growing target for hackers.
What Has the Biden Administration’s Cybersecurity Strategy Been Thus Far?
Under Biden, the administration has instituted several programmatic changes, to very mixed results. The jury is still out as to whether they have done enough. Taxpayer investment has been allocated at a steep cost, but America still finds herself vulnerable. Like most costly government endeavors, it is difficult to approximate the return on investment (ROI) of what seems to be generally inefficient government initiatives like the National Cybersecurity Strategy. These have been Biden’s most important moves thus far.
Investment in Cyber Infrastructure: Throwing money at the problem is a common theme in the swamp that is Washington, D.C. The administration has allocated significant resources in the name of strengthening the nation’s cyber infrastructure, including funding for upgrading government systems and new programs and grants for private-sector efforts in cybersecurity.
International Collaboration: Recognizing that cyber threats are a global issue, the Biden administration needs to enhance international cooperation in combating cyber crime. This includes working with allies to establish norms and hold accountable countries that harbor cyber criminals. We saw a glimpse of what can be last year, when a bipartisan group of U.S. senators unveiled a new proposal known as the Abraham Accords Cybersecurity Cooperation Act.
Focus on Critical Infrastructure and Other Sensitive Technology Sectors: In response to recent attacks on critical infrastructure and the aerospace industry, the administration has emphasized the need to secure these vital sectors. This involves both regulatory measures and collaborative efforts with private entities that manage these resources.
Changes to Public-Private Partnerships: The administration has made strides in fostering collaboration between the government and the private sector. Although increased partnership is crucial for sharing threat intelligence, developing cybersecurity best practices, and coordinating responses to threats, some, including some GOP members of Congress, feel that new Securities and Exchange Commission (SEC) rules regarding reporting of cybersecurity events amount to governmental overreach.
Workforce Development: Perhaps the biggest failure of the Biden administration regarding cybersecurity has been the unquestionable talent gap in the cybersecurity field. The U.S. is lacking hundreds of thousands of qualified information technology personnel as of the end of 2023. Ramping up initiatives to train and recruit cybersecurity professionals in 2024 is critical for building a robust defense against cyber threats.
The Biden administration needs to work harder to address the countless cybersecurity challenges that face America in the new year. The focus on infrastructure investment, international cooperation, and public-private partnerships are steps in the right direction, however, there are many areas where the administration could further bolster its strategy.
Firstly, the rapid evolution of A.I.-driven threats requires a more dynamic approach. This includes investing in A.I.-based defense mechanisms and staying ahead in the technological arms race against cyber criminals. Additionally, while international collaboration is beneficial, the U.S. must also be prepared to act unilaterally in its position as the leading nation on the planet, especially in attributing and responding to state-sponsored attacks.
The administration must also place greater emphasis on the human element of cybersecurity. This involves not just training professionals, but also educating the general public about basic cyber hygiene practices. The increasing sophistication of phishing attacks, like a recent scam known as “Missing Invoice,” which involves malicious emails, highlights the need for heightened public awareness.
Lastly, as IoT devices become ubiquitous, the administration needs to enforce stricter security standards. Manufacturers must be held accountable for integrating robust security features into their products.
In conclusion, while the Biden administration has taken some notable steps toward enhancing the nation’s cybersecurity posture, there is a lot of room for improvement. Cybersecurity is an ever-evolving field, and the strategies employed must be dynamic and adaptive. It’s not just about the technology, but also about the people behind and affected by it. As we attempt to best prepare ourselves digitally in 2024, it will be crucial for the administration to stay vigilant and proactive in the face of these new challenges. The security of our digital future depends on it.
Julio Rivera is a business and political strategist, cybersecurity researcher, and political commentator and columnist. His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.
Image: Gage Skidmore via Flickr, CC BY-SA 2.0.