Preparing to talk with Admiral James Stavridis in our February 27 RSAC keynote in San Francisco, there are a lot of hot issues on the table. From cybersecurity and war-readiness, to 2020 election security, to vulnerabilities in the US defense supply chain and how we can tackle them, here are the top five questions on my mind.
Much more to come at #RSAC 2020.
1. How vulnerable are we today to cyberattacks sponsored by state enemies?
While we continue to prepare for conventional warfare, the greater likelihood is that foreign nation-states with interests counter to those of the US, like Russia and Iran, will leverage their cyber-warfare to weaken us. Attacking us remotely, by compromising our networks, allows them to inflict greater damage at a lower cost—the benefits of asymmetric warfare. As we’ve seen from the recent Cloud Hopper attacks by China, a team of as few as two highly sophisticated hackers can infiltrate dozens of companies and US agencies, without exposing themselves to retaliation.
2. What would such a cyberattack look like?
There are infinite numbers of soft targets for cyberattacks. Of greatest likelihood is an attack on our critical infrastructure, though we know we can’t discount military networks. These attacks will likely be along the lines of denial-of-service attacks, to disrupt essential services like transportation or electricity, grinding the daily operations of millions to a halt.
3. There’s been a lot of talk about election security in 2020. What are we doing to prepare against an attack on our election systems?
The challenge of protecting the integrity of the US democratic system is that our elections are run by local entities. We are only as strong as the weakest jurisdiction. In addition to ballot box tampering, we have to be cognizant of the potential of an attack on systems that support voting on the day of elections, such as traffic signals or electrical grids.
4. How can we better prepare for these possibilities?
Protecting ourselves against election tampering requires not only government effort but also efforts on the parts of campaigns and citizens to be aware and prepared. Hacked emails, fake news and misleading targeted ads threw off the course of the 2016 elections. This time around, candidates and voters need to be on guard. Both can be protected in part by using end-to-end encrypted email to lock down their communications and data. While this won’t stop fake news, it will definitely stymie hackers. And preventing the disseminators of fake news from accessing voter microdata will make it more difficult for targeted ads and disinformation to be designed effectively.
5. How can we better buttress our supply chain vulnerabilities?
The DoD’s new CMMC initiative protects against intellectual property theft and intrusion into our most critical networks. These rising cybersecurity requirements for defense contractors and subcontractors will make it more difficult for foreign hackers to access our privileged information.