Threat of disaster: We're short-staffed in the cyber-world
Global hacking threats and cyber-warfare are by no means a new phenomenon as the past several years have seen an explosion of attacks against America and other Western nations from countries like Russia and China. In 2021, major supply chain disruptions against American entities Colonial Pipeline and JBS Foods clearly defined the threats facing the U.S. and the rest of the world. Despite these dangers facing Western nations, American cyber-security, along with our neighbor Canada's and most of the Western world, are severely lacking in manpower.
In America, a June report from the Washington Post claimed that the United States is either just as vulnerable to hacking attacks or even more vulnerable now than five years ago. The report cited a shortage of capable cyber-security professionals, which is occurring as the Department of Homeland Security (DHS), which is charged with overseeing the Cybersecurity and Infrastructure Security Agency (CISA), has been futile in its efforts, particularly in regard to the U.S.-Mexico border.
Despite the dysfunction plaguing DHS, CISA, which has gone through a multitude of changes over the past year and a half, may actually have kept the U.S. safer from hacking attacks this year versus 2021.
Among the changes at CISA contributing to what may possibly be better results, as 2022 still hasn't seen a major infrastructure or supply chain hack at the level of the JBS Foods or Colonial Pipeline, was the installation of Jen Easterly as director.
Although the general public is obviously not aware of all attacks, as some may have been kept private by businesses, newly proposed regulations in both Canada and America are aimed toward installing mandatory reporting protocols for private-sector entities that find themselves victimized by hacks.
Just this month, Canadian legislators proposed a bill that would force organizations in federally regulated industries to report hacks to the Canada's Cyber Centre. The bill hands the government authority to audit private businesses in an effort to ensure that they are complying with new laws. If an audited organization or individual should fail an audit, they face administrative penalties of up to $1 million for individuals and $15 million for organizations.
Those that are found to not be in compliance may also face summary convictions or what is referred to as convictions on indictment. Additionally, organizations and individuals in these select industries would also be forced to establish new internal cyber-programs intended to detect incidents and protect critical cyber-systems.
This move from the Canadian government comes in the wake of last month's big news of a Huawei ban on Canadian 5G networks. And the extra government-compelled scrutiny addresses industry claims that the global cyber-workforce needed to grow by 65% in 2022 to provide effective security.
In addition to the Huawei ban, the Canadian Communications Security Establishment (CSE) announced earlier in this month that it will expand a Security Review Program for telecom equipment and services to apply more broadly to Canada's telecommunications networks and "consider risks from all key suppliers."
Twenty twenty-two may have yet to produce a major headline-grabbing attack so far in either America or Canada, but the threat of one is real, as earlier this week the Killnet hacking group claimed responsibility for cutting off as much as 70% of Lithuanian internet infrastructure from the rest of the internet in retaliation for the blockade of trade between Kaliningrad and Russia. Although these "big-game" attacks are generally carried out by state-sponsored Advanced Persistent Threat Groups (APTs), the majority of cyber-attacks seen globally are still targeting individuals, as ransomware groups like the infamous STOP/DJVU family regularly produce new variants and have collected millions of dollars in ransoms from individual victims the past several years.
Ultimately, both the U.S. and Canada must increase cyber-staffing, especially as cyber-power Russia, which has limited options for attacking Western nations conventionally, isolates itself from the rest of the world as a result an increasingly unpopular war.
Julio Rivera is a business and political strategist, the editorial director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cyber-security and politics, has been published by numerous websites, and he is regularly seen on national and international news programming.
Image via Pixnio.