John Veasey
"Homeland Security"
MEMORANDUM
To: Jeanette Manfra, Assistant Secretary of Homeland Security for Cybersecurity
From: John Veasey, Senior Vice President for Cyber Policy at the Center for Strategic and International Studies
Subject: Changing the U.S. Cybersecurity Defense Strategy
Date: 12/06/18
Executive Summary
The U.S. continues to project strength at home and abroad, protecting its interests and allies through economic means, military aid, and information sharing mechanisms. This strength allows the U.S. to maneuver around the world in allied states and in contested territory. However, in the 21st century the U.S. is fighting on a new battleground that is currently plaguing its businesses, financial markets, elections, allies, and possibly the power grid. This battle is fought on the internet, where individual hackers, rogue nations, terrorist groups, and U.S. adversaries use cyberattacks against our country. The intent of these attacks is to steal intellectual information, money, or identities, or to disturb U.S. interests and programs. While these attacks also occur outside of the U.S., many of these individuals and states seek to disrupt United States facilities for political purposes, for economic purposes, or in retaliation for policy moves made by the U.S. As the years go on, these attacks are expected to climb and become more sophisticated, including possible sponsorship from U.S. enemies and adversaries.[1] This complex and wicked problem must be tackled in several ways to keep pace with technology that changes every year: through a series of law changes, military and homeland security upgrades, and a renewed focus on protecting the next frontier in defense and the economy.
Analysis
Businesses
In 2017, the average data breach cost in the United States was $225 per capita, which ranked highest alongside Canada at $190 per capita, while India and Australia had the lowest costs at $79 and $64 per capita, respectively.[2] In 2016, the U.S. lost between $57 and $109 billion to cyberattacks that affected both private and public entities. After an attack happened, many companies saw it spill over into other linked firms, which caused more damage.[3] Many of these attacks on businesses come from hackers and from ransomware made by unknown enemies. Since these individual entities are not known to the government as threats, it is hard to stop or preempt the attacks. Companies are stepping up to prevent these attacks, such as Yahoo after it suffered a cyberattack in which 3 billion user accounts were stolen. Marriott hotels were also hacked, with over 500 million customer accounts stolen by ransomware.[4] However, businesses and technology companies are beginning to research ways to stop or at least limit attacks by creating incident response teams dedicated to patching security threats and by training employees to recognize suspicious activity from the internet and phone calls.[5]
Election Interference
Since Russia was identified as the culprit of interference in the 2016 election, the U.S. has invested $800 million in election infrastructure to ensure that votes are counted fairly and correctly while preventing cyberattacks at the same time.[6] However, election systems across the country still need more security and training against adversaries that seek to influence decisionmakers in Washington D.C. and in state elections. Russia remains the top threat, alongside China and Iran, for hacking computers that are involved with counting ballots. Another problem with election interference is that many states have limited budgets and staff for conducting elections, causing a slower response to any hacking attempts.[7]
Power Grid
The U.S. power grid is one of the systems more vulnerable to cyberattacks because of how devastating an attack can be to communities, hospitals, the military, or nuclear power plants; it accounted for 32 percent of cyberattacks in 2014. It is estimated that if a cyberattack or EMP were to hit the U.S., it would cost the economy between $242 billion and $1 trillion and would result in many lives lost from the loss of electricity and internet.[8] These attacks are led by Russia and smaller groups in hopes of belittling the U.S. into submission over sanctions and policy decisions in Europe and the Middle East.[9] As power plants and utilities age, the U.S. does maintain an edge in having analog systems from the late 1900s; however, it must update its energy policies on cybersecurity and invest in ways to make the power grid less vulnerable to attacks, whether by EMP or through the internet.[10]
China
China has hacked countries around the world 108 times, targeting governments and high tech companies and stealing millions of dollars of property.[11] These intrusions are ways for the U.S. adversary to keep track of the U.S. and its technological sector as it becomes a rising threat and world power on the international stage. In October 2018, several hackers were indicted by the Department of Justice for attempting to steal sensitive information from aviation companies. This team’s mission lasted five years before it was discovered by the targeted companies, which found malware on their jet engines.[12] The U.S. has begun to place more emphasis on China in the Pacific and is already beginning to find ways to hold the government accountable for crimes committed.[13]
Russia
Since the Cold War, Russia has remained an adversary of the U.S. because of its military and economy. Recently, however, its economy has taken a turn and is falling, since the ruble is unstable and only the military and energy sectors keep the economy alive. Nonetheless, Russia uses cheap methods to sponsor hacking and cyberattacks on the U.S., such as in the 2016 election, mentioned in the Election Interference section. Russia also targets allies of the United States, such as France and the United Kingdom, in hopes of stealing military, economic, and other sensitive information as an edge against the United States. In 2018, Russia was found responsible for over five cyberattacks in the U.S. The U.S. has stepped up indictments of the individuals responsible and placed heavy sanctions on Russia’s business leaders and government officials.
Background
Since the birth of the country, the U.S. has continually risen to the challenge when enemies rose up. The U.S. uses its technological superiority in every war and battle to overcome its enemies. However, in the 21st century, these enemies are transforming: finding new ways to spy on, disrupt, or outright attack the businesses and people of the United States. While China and Russia are still adversaries that can be reprimanded, terrorists and individual hackers are transforming and becoming harder to track down or stop, since they have cheap resources with which to change their computers or other technologies. By using ransomware and malware that can be planted on devices, cyberattacks can be more effective against the victim, inflicting more damage and cost in order to steal information or counter policies. What remains to be seen is how the U.S. adapts to this challenge domestically and abroad and how far it will go to protect its interests and its allies’ interests. There are ways for the U.S. to respond in strength and develop international partnerships against cyberattacks that are also easily accessible and bipartisan.
Strategy/Recommendation
Policy Options
- To bring down the cost and scope of cyberattacks, the U.S. government must encourage its businesses to hire an incident response team that can find weak points and security risks. This idea has been brought to other countries around the world, including India and Australia, and has led to a decrease in costs to the economy and the government. The tech companies in the U.S. should also collaborate to create a training system model to educate workers and officials on the prevention of such attacks. In addition, the U.S. government can provide increased funding to the energy sector, particularly nuclear power plants, to help update security systems and efficiency, while also putting new cybersecurity policies in place in coordination with the Department of Energy.
- The U.S. can assist allies in securing sensitive information by sharing information on defense mechanisms while also working to find weak points in order to prevent attacks on databases and the economy. The U.S. can also partner with nations by funding research into protecting the power grid and running new situational drills to prepare for possible counterattacks from adversaries. Also, the U.S. must continue to reprimand criminals and states responsible for cyberattacks, including Russia, China, Iran, and North Korea. This can be achieved through continued sanctions targeting those responsible in these states.
Possible Outcomes
- Should the U.S. pursue a cost-analysis option that helps businesses and government entities lessen or stop damage to themselves, hackers could find new, sophisticated methods that only expedite the cyber war currently happening, causing more cyberattacks. Another possibility in this instance is that hacking decreases significantly because incident response teams can prevent attacks, train staff members, and find weak points within their organizations.
- If it continues the current status quo, the U.S. would suffer more cyberattacks from enemies, which would cost the economy billions of dollars. Allies of the U.S. would suffer the same fate from not changing course and would most likely turn away from the U.S. if it does not provide the security and stability it has given in the past. Adversaries would likely pounce on the chance to pursue these opportunities with allies in Europe and Asia in hopes of building a footprint big enough to counter the U.S. in the future.
Conclusion
Cyberattacks may never be fully stopped, but they can be limited in scope by educating the public, providing help to businesses and allies, and sending a strong message to enemies and adversaries of the U.S. through sanctions and international resolutions. The U.S. has the means to provide the common defense for the country and its interests; what remains is how it chooses to prioritize those goals in protecting its citizens and people from harm. Adversaries of the U.S. are watching every day, waiting for the country to blink so they can steal and take advantage of the disruption from cyberattacks. Cybersecurity is a security domain worth fighting for, for the future of the U.S. economy, its people, its friends, and its interests.
[1] Landi, Heather. "Report: Cyber Attacks on the Rise and Evolving, as Ransomware Declines." Healthcare Informatics Magazine. June 14, 2018. Accessed December 03, 2018.
[2] "Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview." IBM. January 22, 2018. Accessed December 03, 2018. https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN&.
[3] The Council of Economic Advisors. “The Cost of Malicious Cyber Activity to the U.S. Economy.” The White House. February 2018. Accessed December 03, 2018. https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf
[4] "The Worst Cyber Attacks of the Past 10 Years." Fox Business. November 30, 2018. Accessed December 03, 2018. https://www.foxbusiness.com/features/the-worst-cyber-attacks-of-the-past-10-years.
[5] McGregor, Jena. "You Know Your Data Is at Risk When You Shop. How about at Work?" Daily Herald. November 30, 2018. Accessed December 03, 2018. https://www.dailyherald.com/business/20181202/you-know-your-data-is-at-risk-when-you-shop-how-about-at-work.
[6] Silver, Nate. "How Much Did Russian Interference Affect The 2016 Election?" FiveThirtyEight. February 16, 2018. Accessed December 04, 2018. https://fivethirtyeight.com/features/how-much-did-russian-interference-affect-the-2016-election/.
[7] Carter, William. "CSIS Election Cybersecurity Scorecard: The Outlook for 2018, 2020 and Beyond." Nuclear Stability in a Post-Arms Control World | Center for Strategic and International Studies. December 13, 2018. Accessed December 04, 2018. https://www.csis.org/analysis/csis-election-cybersecurity-scorecard-outlook-2018-2020-and-beyond.
[8] Cohn, Carolyn. "Cyber Attack on U.S. Power Grid Could Cost Economy $1 Trillion: Report." Reuters. July 08, 2015. Accessed December 03, 2018. https://www.reuters.com/article/us-cyberattack-power-survey/cyber-attack-on-u-s-power-grid-could-cost-economy-1-trillion-report-idUSKCN0PI0XS20150708.
[9] Stoutland, Paige. "Cyberattacks on Nuclear Power Plants: How Worried Should We Be?" Cyber Attacks on Nuclear Power Plants: How Worried Should We Be? March 19, 2018. Accessed December 03, 2018. https://www.nti.org/analysis/atomic-pulse/cyberattacks-nuclear-power-plants-how-worried-should-we-be/.
[10] “Chapter IV Ensuring Electricity System Reliability, Security, and Resilience.” Department of Energy. February 2017. Accessed December 03, 2018. https://www.energy.gov/sites/prod/files/2017/02/f34/Chapter%20IV--Ensuring%20Electricity%20System%20Reliability%2C%20Security%2C%20and%20Resilience.pdf
[11] Carter, William. CSIS Technology Policy | Significant Cyber Incidents. 2006. Accessed December 04, 2018. https://csis-ilab.github.io/js-viz/tech-policy/cyber-incidents-bar/index.html.
[12] "Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years." Department of Justice Office of Public Affairs. October 30, 2018. Accessed December 04, 2018. https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal.
[13] Mattis, James. Summary of the 2018 National Defense Strategy of the United States of America. Department of Defense. 2018. Accessed December 05, 2018. https://dod.defense.gov/Portals/1/Documents/pubs/2018-National-Defense-Strategy-Summary.pdf