This month marks the 20th Annual Cybersecurity Awareness Month. Since 2004, America has declared the month of October to be Cybersecurity Awareness Month, which has acted as an awareness vehicle for the importance of cybersecurity. This year’s milestone provides the opportunity to reflect on the government's handling of cyber threats during this almost two decade period, acknowledging both victories and failings in this evolving battlefield of the digital age.
Over practically two decades, we've witnessed countless high-profile hacking attacks that have shaken the foundations of digital security. The incidents are constant reminders of the ever-present danger lurking in the cyber realm.
One of the first notable cyberwarfare attacks occurred in 2007, when Estonia faced a massive distributed denial-of-service (DDoS) attack from Russian attackers. The hack crippled Estonia’s digital infrastructure, including their parliament and banks, and foreshadowed the dangerous future of cyber warfare that we are currently in.
In the years that have past since, Russian-based actors have also been responsible for the SolarWinds hack in 2020, a cyber-espionage hack that compromised both US government agencies and private corporations, including the Department of Defense and Microsoft, and the multitude of attacks that have surfaced during the war in Ukraine, where hacktivists on both sides of the conflict have initiated countless digital breaches.
The one attack that is almost universally accepted as the first example of cyber warfare, the Stuxnet attack against Iranian nuclear facilities, is now well over a decade old, and should be seen retrospectively as even more historically significant as the week-old war between Hamas and Israeli forces rages on. The attack compromised software connected to industrial sites in Iran, including a uranium-enrichment plant, and gave Stuxnet’s operators access to centrifuges that were remotely controlled to tear themselves apart, thus limiting Iran’s nuclear capability.
Recommended
Although cyberwarfare remains the most potentially destructive aspect of cybersecurity, the general public is most frequently targeted by hackers, as hundreds of millions of people have been victimized by data breaches in the 19 years since the inception of Cybersecurity Awareness Month.
One of the more significant examples of this was the 2013 Target data breach, where bad actors gained access to the financial data of over 40 million customers. The hack highlighted the importance of securing personal data and inspired numerous discussions about better data protection laws, especially for financial data.
Another major attack, and one that had the potential for extortion occurred in 2018, when over 120 million Facebook users were exposed to a breach that saw 81,000 users' private messages be exposed online. The sheer volume of data housed by the major social media outlets (Facebook, Twitter, TikTok) represents a treasure trove that is under constant attack by hackers.
While cyberattacks can originate from various sources, some highly capable threat actors have garnered a reputation for their shamelessness. The aforementioned Russia, as well as China, North Korea, and Iran, have consistently ranked among the most dangerous players in the global cybersphere.
China in particular has been often accused of state-sponsored espionage and widespread intellectual property theft. The 2015 breach of the US Office of Personnel Management compromised the data of millions of government employees. Additionally, the fact that millions of Americans, including members of Congress, are either currently using or have previously used the China-based app Tiktok in the past also raises data security concerns as the app’s creators open their first European data center.
Over almost two decades of Cybersecurity Awareness Month, the US government has had its share of both successes and failures. Some notable successes were the establishment of both US Cyber Command (USCYBERCOM) in 2009, a dedicated military command responsible for defending against cyber threats, and the Cybersecurity and Infrastructure Security Agency (CISA), the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience.
However, there have been many failings as well. The slow response to the evolving threat landscape and inadequate legislation to protect critical infrastructure have left many vulnerabilities exposed. Additionally, the lack of a comprehensive federal data privacy law has hindered the protection of personal information, leaving citizens at risk.
As we look past 2023, securing the future of the cybersphere requires a multi-faceted approach that addresses the dynamic nature of cyber threats. Some of the necessary actions the US Government should take are:
Focused Supply Chain Security: The Colonial Pipeline Ransomware hack highlighted the need for comprehensive supply chain security. CISA should help establish standards and practices for supply chain risk management to prevent future incidents.
Improved and Adaptive Defense Strategies: Cyber threats evolve rapidly. The Biden administration should adopt adaptive defense strategies that combine proactive threat intelligence and rapid response protocols, especially with the rise of cyber espionage malware strains like LuaDream.
Private-Public Collaboration: Collaboration between the private sector and government is critical. Sharing intelligence, best practices, and resources will effectively strengthen cybersecurity defenses.
As we mark the twentieth Cybersecurity Awareness Month, we must acknowledge our progress and the new challenges that lie ahead. The federal government, in partnership with the private sector and the international community, has to take decisive action to secure the future of digital security. Both triumphs and setbacks have marked the last two decades, but the path forward offers the opportunity to build a stronger, more resilient digital world for all.
Julio Rivera is a business and political strategist, cybersecurity researcher, Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by many of the most respected news organizations in the world.