Three things we can do today to fix America's cyber vulnerabilities.

If you read any of the cyber security news lately, you would think there is no possible way to protect your data.?Breaches are being identified daily and are impacting everyone from the small business using a POS System to the Federal Government. Even in the Pentagon, there are voices of concern about our ability to protect our defenses against attack. Nicolas Chaillan, the first chief software officer for the Department of Defense resigned in protest saying, “we have no competing fighting chance against our adversary in 15 to 20 years. Right now, it’s already a done deal; it is already over in my opinion.” Read more here.

I do share Nicolas Chaillan’s concerns that the Pentagon and the entire United States have not taken the issue of cybersecurity as seriously as it should. However, I don’t have such a grim view of our abilities or our capabilities to respond and move forward with the next generation of cyber protection. I think in a lot of ways we are simply not using the advantages that we have because our government has not been forced to use them yet. It’s that old saying, “status quo works until it doesn’t”. It is time to toss aside the status quo and move forward and we do need to hurry as the threats are only accelerating.

Throughout history America has had a unique ability to create, adapt and mobilize quickly when it became threatened. Look no further than World War II. Right after Pearl Harbor many felt that America could not recover, the Japanese were winning the war and it wouldn’t be long before America raised the flag of defeat. Yet, as history showed America was far from defeated after the bombing of Pearl Harbor and in fact was just getting ramped up. In fact, a famous quote from Japanese Admiral Isoroku Yamamoto wrote, “I fear all we have done is awaken a sleeping giant and fill him with a terrible resolve” which was true. I share this history lesson to illustrate a point. Our adversaries may for a moment have advantages in certain areas over America, but ultimately, we have a unique ability when pressed to rise to any occasion to meet any threat.

America is under deliberate attack from cunning, smart and ambitious adversarial nation states, and criminal enterprises. These entities are using the freedom of our systems to attack our security, information, and financial infrastructure. You won’t see these stats on the nightly news but here are costs that are being incurred in the battle against cybercrime.

• Cybercrime costs the global economy about?$1 trillion?— 50% more than that predicted in 2018. Also, it is more than 1% of the global GDP.?
• The average cost of a data breach in 2020 was a whopping??$3.86 million. In 2021 it was?$4.24 million.
• A data breach compromising 1-10 million records costs?$50?million?on average, whereas one compromising 50 million records can cost as much as $392 million.?

How are these nation states and criminals accessing our data?

• The most commonly leveraged cyber-attack vulnerabilities are crypto weaknesses (39.7%), followed by cross-site scripting (12%) and those related to system patches (8%).?
• 74%?of organizations are unaware of the number of digital keys and certificates they have — leaving them vulnerable to threats involving shadow IT certificates.
• The number of security incidents involving insiders has increased by a staggering?47%?since 2018.
• 70%?of office workers admit to using their work devices for personal tasks.
• 69%?are using personal laptops or printers for work activities.
• Almost one-third (30%) of remote workers have let someone else use their work device.

All our institutions have been passively allowing these crimes to occur. The stories quickly disappear, only to be replaced by the next breach of even more data.

It is time for all of us to demand of our leaders in both the private and public sector to commit to making cyber security a key issue for the next decade. The future of the world is going to depend on who can best protect and control data. And right now, the United States needs to implement the next generation technologies and processes that will put our country and our businesses on the offense against cyber-attacks.

So, what is the next line of defense against Cyber Attacks? This is a question we have been asking ourselves at Secured2 and we have an answer. If America can focus on these three things RIGHT NOW we can greatly mitigate our major vulnerabilities and then start building our more operational IT that can deal with both cyber offense and defensive capabilities. To me table steaks are: ?

?1.?????Data Security – we need to get America ‘post quantum ready’ and integrate solutions like Secured2’s quantum safe security that is ‘ZERO TRUST as a SERVICE’ and provides new/improved levels of security. It was speculated several years ago that operational quantum computers were years away from being deployed. Hostile nation states have proved when you focus enough time and resources towards something you can achieve incredible goals. Today, we know that one of our largest nation state rivals has operational quantum computers, they have a capability to decrypt any data encrypted with AES encryption and we also know their advanced cyber capabilities can reach just about any intended target. That’s why Secured2’s quantum safe technology with cyber indemnification backed by Lloyd’s of London is proliferating so quickly in today’s enterprise and is soon being rolled out to our Government and Military. A big part of our protecting our country is protecting our data from bad actors. Secured2’s solution does just that. As well, Secured2 is also tied to industry leading verification venders to ‘prove identity’ at point of login and as well provides a ‘decentralized’ approach to storing any data at rest. Decentralization and quantum safe security is the future of data security. ?

2.?????Hardware – an often overlooked and ignored area is computing hardware. As the SuperMicro hack illustrated small micro-chips can be inserted into motherboards and relay every piece of information off a server, desktop, laptop or tablet. Furthermore, even the software drivers themselves can be breach-points in hardware. America needs to IMMEDIATELY put in new reforms to lock down our hardware, create a certification process and ramp up American based manufacturing of motherboards, CPU’s, ram, and storage. We must immediately ensure that our hardware supply chain is free from backdoors, microchips, and malicious software. I would also argue that we need to build new platform designs that use materials that are easily sourced in America and are not reliant on materials offshore that are being collected and manipulated by hostile nation states. ??

3.?????Communications – our communication stack from core routers, hubs, switches and WDM fiber optic devices all need ‘trusted sourcing.’ We can no longer rely on ‘outsourced’ hardware coming in from third party manufacturers that cannot certify the hardware driving the networks. We must continue to block utilizing foreign networking equipment from hostile nation states that access our networks and touch our countries communications core. Protecting data flowing across networks is key, just as protecting the infrastructure supporting that data flow is critical. Any back door anywhere in the process opens up instant vulnerability. We can stop this threat immediately by using 'trusted' networking equipment and developing a trusted code base either through open source or through a new consortium that our government can create that can develop a 'trusted' code database.

By simply doing these three things we can greatly improve our security posture in our business, government, and military markets. I also believe these things can be done rapidly and should be done rapidly. It was very encouraging to see Intel recently announcing an investment of $20B in building two new chip fabs in Arizona. I believe these kinds of investments will reap tremendous long-term benefits, and our government should be incentivizing companies like Intel and others into making similar investments along with tax incentives to offset the costs. I also believe companies like Intel should also come up with some kind of 'certification' process so we know the chip being purchased can be traced to a facility, a time it was developed and a fab where it was created. This would eliminate the 'fake chip' market coming out of rogue nation states that put back-doors into the chips. As well, our government should be providing better incentives to early stage companies that are building the future innovations to secure our country. One idea is to have the government provide early stage funding or low interest loans if a company can demonstrate a novel technology and have it independently validated by a credible third party.

It’s very clear America is at a crossroads. We can continue to do the same things expecting a different result or we can recognize that solutions exist in our country (American made) that can solve the pressing problems. We just need our government to use them and support them. In case you were wondering there is a cyber arms race, and right now we are losing. We are being out manned, out gunned, and out funded. If we don't get our act together quickly the war will be won and our enemy didn't even need to fire a single bullet. ??

?