The last successful attack on US soil by foreign individuals took place last December. A cyberattack that targeted software provider SolarWinds affected Microsoft, the US government, and cybersecurity firms like FireEye. Although cyberattacks don’t lead to loss of life, they are costly and are increasing in frequency.
Malicious attackers discover new vulnerabilities or exploit previously known vulnerabilities. SolarWinds-related attacks such as Supernova and Sunburst attacks were examples of the former. In 2017, the WannaCry ransomware attack targeting Microsoft used a known vulnerability to infect over 200,000 computers and cause damage worth billions of dollars.
Most people would think the US is protected against known vulnerabilities. However, a 2019 research study revealed an average gap of 133 days between the discovery of a vulnerability and the release of information regarding it to the public. This period is typically used to create a patch that mends the vulnerability. However, half the attacks that use known vulnerabilities occur during this period before the vulnerability gets fixed. Consider these as holes in the perimeter fences around the US embassies worldwide. If it took 133 days to repair them, there would be a hue and cry because terrorists could use this opportunity to carry out successful attacks. However, this is the state of cybersecurity in the US today.
Upon discovering a vulnerability, the National Institute of Standards and Technology, responsible for maintaining the National Vulnerability Database, takes time to communicate with the vendor whose product contains the vulnerability and look into other processes like estimating the severity of the vulnerability. Generally, vendors have little incentive to patch a vulnerability or cooperate because the affected product may be unprofitable, old, or close to being phased out.
However, this isn’t sufficient. The US needs a National Cyber Vulnerability Early-Warning Center—just as a meteorologist is always on the lookout for storms, an early warning center would keep an eye out for vulnerabilities in widely used hardware and software components. This would discover new weaknesses before enemies do, strengthening defenses. North Korea, Russia, Iran, and China can access cheaper expertise. The best way for the US to protect its intellectual property and data is to invest heavily in cybersecurity.
On March 31, President Joe Biden introduced a $2 trillion plan to rebuild the country’s infrastructure. He called the proposal a transformational effort capable of…
In November 2019, E. Jean Carroll, a former columnist for the Elle magazine, filed a defamation lawsuit against former President of the United States Donald…
Senior citizen centers are supposed to be about socializing with one another, renting apartments, and sharing good times. However, lately, the situation at an elderly…
President Joe Biden is all set to take part in his very first in-person North Atlantic Treaty Organization (NATO) summit since taking office and reaffirm…