Cyber security is the practice of safeguarding the integrity, security, and accessibility of information. Cyber security experts claim that by the year 2020, there will be 200 billion connected accounts. The majority of technology is vulnerable and easy to hack—as a result, cyber security attacks cause billions of dollars in losses every year. Cyber crime damage cost will reach an estimated $6 trillion dollars by 2020; already, successful breaches have risen more than 27 percent in the last several years. Ransomware attacks alone have doubled in frequency. As your congressman, I will focus on three areas in cyber security: infrastructure, attacks against financial institutions, and personal identity theft.
Protecting our infrastructure
Our enterprise systems (ES) are made up of large-scale applications (software and hardware) systems that encompass everything from commerce to identity protection. Critical infrastructure includes the cyber-physical systems all of us depend on, including national defense, electricity grid, water purification, traffic lights, and even hospitals. Protecting this infrastructure and its critical assets must be a top priority. Plugging these critical enterprises into the Internet makes them vulnerable to cyber attacks. The federal government is an essential partner in securing the energy grid from cyber attacks; it must take more of an active role in understanding the vulnerabilities and drafting legislation in partnership with the Electricity Subsector Coordinating Council (ESCC) to protect against these vulnerabilities. The fragility of the information world we now live in demands strong cyber security controls. Hackers and criminal groups capable of executing advanced persistent threats (APTs) pose serious threats to these enterprise systems. A recent cyber attack on the Ukraine’s energy grid, for example, caused a temporary blackout of 225,000.
The DOD’s three primary cyber missions are: defend networks systems and information, defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence, and provide cyber support to military operational and contingency plans. In January 2018, the director of the Defense Information Systems Agency stated: “The vast, global networks of the Defense Department are under constant attack, with the sophistication of the cyber assaults increasing.”
Strong leadership through laws, regulation, and funding must secure our government and private enterprise systems. Neither the government nor the private sector can deal with the capacity and level of cyber threats alone. Our government cyber security strategies must look at future technologies and trends.
Protecting our financial institutions
Banking and financial institutions are most at risk, given the nature of the data they hold. North Korea and Iran have been linked to cyber attacks on financial institutions, and the money they have stolen has likely been spent developing nuclear weapons. At least 46 major financial institutions and financial sector companies were targeted recently, including JPMorgan Chase, Wells Fargo, American Express, and AT&T.
Cyber criminals have demonstrated their abilities to exploit our online financial and market systems that interface with the Internet, such as the Automated Clearing House (ACH) systems, card payments, and market trades. In these instances, cyber crime is easily committed by exploiting the system users rather than the systems themselves. This is typically done through the compromise of a legitimate user’s account credentials.
Numerous high-profile breaches against major financial services institutions occurred last year, and the volume and complexity of the attacks are on the rise. As financial institutions shift to digital channels like online banking and mobile transactions, the attack surface grows, and there is more to protect. Consumers want the confidence that their financial information will be protected, regardless of how it is acquired.
Our federal government needs to play a leadership role through legislation aimed at protecting these institutions.
Protecting our personal data and identity
Identity theft occurs when someone steals your personal information, such as your full name or Social Security number, to commit fraud. According to the Identity Theft Resource Center, more than 7,500 data breaches involving more than 898 million records have occurred since 2005. Since the U.S. population consists of around 325 million people, it’s likely that almost everyone’s records have been stolen at least once.
Social Security numbers are the key targets. This information can be used to fraudulently apply for credit, file taxes, or even obtain medical services. The recent Equifax data breach is one of many examples where personal data was stolen. The data breach affected 143 million consumers, and the hackers walked away with Social Security numbers, birthdates, addresses, driver’s license numbers, and other personal data.
Government agencies must erect new fraud barriers using data, analytics, and improved identity authentication techniques. The Office of Management and Budget (OMB) has issued guidelines about how agencies should safeguard sensitive information. These guidelines need to be rolled down to federal, state, and local governments, and enforcement is crucial. The federal government needs to take a pre-emptive approach to cyber security; it must collaborate with the private sector to make it more difficult for thieves to obtain personal information. The federal government should also pass legislation that mandates any consumer data breach must be immediately reported to all affected users, accompanied by a plan to mitigate the impact caused by the breach.