The United States of America is the world’s foremost military power. The US spent $725 billion on defense in 2020, or about 11% of the overall federal budget. That’s more than the next eleven highest-spending countries spent on defense combined, including China, Great Britain, and France. There are more than 1.3 million active service members of the United States military. The US allocates a vast amount of resources to keep its citizens safe. Government organizations such as the CIA and NSA are dedicated to gathering information to prevent any future attacks.
And yet, despite all these funds allocated to defending our national resources, there still exists a major gap in our national security. A recent report over the summer by Congress revealed major problems in regards to the cybersecurity of the United States. In fact, if we don’t move quickly to improve the cybersecurity of both federal agencies and certain private corporations, the US could face a major crisis.
A report released by the Senate Committee on Homeland Security and Governmental Affairs over the summer largely condemned the cybersecurity practices of eight federal agencies. Four of the agencies— the Departments of State, Transportation, Education, and the Social Security Administration— earned a “D” for their failure to comply with cybersecurity standards set up by the federal government. Three other agencies (Agriculture, Health and Human Services, and Housing and Urban Development) only managed to earn a “C.” Of the eight agencies reviewed, only the Department of Homeland Security managed to earn a “B,” which only means it met the basic requirements necessary to protect government information.
The problems the Senate Committee found were deeply troubling. Many of the agencies that scored “D” were using outdated software, failed to install new security software, and did not always require authorization to use. This is not the first time these issues have been brought up, either— in 2018, a similar report was conducted on the same eight agencies, identifying major flaws in their cybersecurity systems.
All of this is coming at a time when cyberattacks in the United States are becoming more and more frequent. In 2020, the White House reported an 8% increase in the number of information security incidents across the federal government. In March 2021, at least five federal agencies were hacked by a group with links to China, in order to gain information on United States defense contractors. It’s not only government agencies that are at risk. In June 2021, a cyberattack on JBS SA, the largest producer of meat in the world, led to all of their beef plants having to shut down. A month earlier, hackers managed to gain access to Colonial Pipeline, an oil pipeline company, and shut down the distribution of oil to a large portion of the Southeast. In both cases, these attacks disrupted the distribution of resources across the United States and caused economic turmoil as the companies struggled to get back on their feet. In testimony before Congress, the CEO of Colonial Pipeline said that the company did not use multi-factor authentication, and the hackers only needed a single password to shut down the pipeline. That means one of the key resource providers for the United States is easier to hack than the average Fordham student’s account.
The dangers of all of this cannot be overstated. In an increasingly digitizing world, the vast majority of our critical infrastructure (a term the government uses to refer to assets that are critical for society to continue functioning) relies on computers. Transportation, banking, security, communication, and vital manufacturing systems all depend on computers and could be potentially crippled by any sort of cyberattack. We have already seen that hacks against key corporations can disrupt daily life for many people. If an attack like this were made on a larger scale, or, worse yet, against the government, then the results could be devastating.
Cyberspace has recently been dubbed the “fifth domain” of warfare (the other four being land, sea, air, and space), and with good reason. A massive cyberattack could do more damage in a single day than any sort of conventional military attack. It could destroy a nation’s economy, disrupt its forms of transportation, halt its communication systems, all without having to ever fire a single shot. Furthermore, cyber-attacks have a relatively low barrier for entry. For a nation or a terrorist group to launch a cyberattack, they don’t need expensive weaponry and ammunition. They just need access to some computers.
All of this is why it is so vital that we focus on defending our cyberspace. Vulnerabilities in our security systems will continue to be exploited. Foreign governments, terrorist groups, and criminals will take advantage of the weaknesses in the United States’ cybersecurity, and will exploit these weaknesses to cause harm.
In order to carry out this vital mission, there are several steps the United States must take. First, the federal agencies that have been failing in regards to cybersecurity must have their security methods and systems updated. The same way we would not allow our government buildings to go undefended, we must ensure government servers are equally protected. At the very least, common sense cybersecurity measures such as two-factor authentication should be implemented.
It is also vital that the government form public-private partnerships with corporations that provide essential services to keep the private corporations from being hacked. Legislation should be passed to compel firms to hold their cybersecurity systems to a certain standard, with penalties if they fail. The federal government could provide aid when necessary, giving both funding and cybersecurity tools to better protect our national resources.
Finally, the US military needs to allocate more of its resources to combating cyberattacks and training new “cyber soldiers” for the future. All the fancy technology we have— drones, missiles, etc— won’t be of any use to us if a massive hacking campaign takes control of our critical infrastructure. The nature of warfare has fundamentally changed. It would be a waste of the $725 billion we currently spend if more of it was not allocated to prepare for what could be the most dangerous threat of all.
The US has already been hacked multiple times, but so far, we have gotten lucky. None of the attacks have crippled our infrastructure for more than a few days, and we have managed to get things up and running again. In the future, however, the attack may be much more widespread, and the damages may take much longer to repair.
The United States has been surprised before. We were not ready for the attack at Pearl Harbor. We were not prepared for 9/11. Both times, we ignored the warning signs, with devastating results. We cannot afford to be surprised again.