The last successful attack on US soil by foreign individuals took place last December. A cyberattack that targeted software provider SolarWinds affected Microsoft, the US government, and cybersecurity firms like FireEye. Although cyberattacks don’t lead to loss of life, they are costly and are increasing in frequency.
Malicious attackers discover new vulnerabilities or exploit previously known vulnerabilities. SolarWinds-related attacks such as Supernova and Sunburst attacks were examples of the former. In 2017, the WannaCry ransomware attack targeting Microsoft used a known vulnerability to infect over 200,000 computers and cause damage worth billions of dollars.
Most people would think the US is protected against known vulnerabilities. However, a 2019 research study revealed an average gap of 133 days between the discovery of a vulnerability and the release of information regarding it to the public. This period is typically used to create a patch that mends the vulnerability. However, half the attacks that use known vulnerabilities occur during this period before the vulnerability gets fixed. Consider these as holes in the perimeter fences around the US embassies worldwide. If it took 133 days to repair them, there would be a hue and cry because terrorists could use this opportunity to carry out successful attacks. However, this is the state of cybersecurity in the US today.
Upon discovering a vulnerability, the National Institute of Standards and Technology, responsible for maintaining the National Vulnerability Database, takes time to communicate with the vendor whose product contains the vulnerability and look into other processes like estimating the severity of the vulnerability. Generally, vendors have little incentive to patch a vulnerability or cooperate because the affected product may be unprofitable, old, or close to being phased out.
However, this isn’t sufficient. The US needs a National Cyber Vulnerability Early-Warning Center—just as a meteorologist is always on the lookout for storms, an early warning center would keep an eye out for vulnerabilities in widely used hardware and software components. This would discover new weaknesses before enemies do, strengthening defenses. North Korea, Russia, Iran, and China can access cheaper expertise. The best way for the US to protect its intellectual property and data is to invest heavily in cybersecurity.
For more than 100 of its aircraft, Boeing suspended operations on Sunday, after an engine on a United Airlines flight from Denver caught fire and…
Do you buy sprouts a lot? Sprouts are nutritious and can serve as a delicious garnish to your soups, salads, and sandwiches. Next time, you…
On Thursday night, a former employee at a FedEx Ground facility near Indianapolis main airport shot and killed eight people and wounded several before turning…
On Wednesday, the President announced that all US and allied troops will leave Afghanistan by the 20th anniversary of the September 11 attacks. Biden is…
On April 14, the IRS confirmed that federal agencies were releasing the fifth batch of stimulus payments. Eligible recipients will start receiving their payments on…
Early this month, a mob of pro-Trump supporters and fringe groups from the far-right breached security at the U.S. Capitol and stormed the building, interrupting…