Nicole Perlroth, the New York Times cybersecurity reporter, just came out with a very interesting perspective on our troubles with foreign adversaries, in part created by our own policies. She is the author of the forthcoming book “This Is How They Tell Me the World Ends,” from which her NYT article was adapted. The promo states: "The untold story of the cyberweapons market—the most secretive, invisible, government-backed market on earth—and a terrifying first look at a new kind of global warfare."
It's a very interesting article that reveals a side that we do not hear about a lot, the U.S. cyber offensive side focusing on 99% offense and 1% defense, which is the same mistake we have made in the past with the atom bomb. The Manhattan Project spent a then crazy amount of money on a red team creating the bomb, but should have had a blue team working on a defense against it at the same time. Did not happen.
Same today. The US has the most advanced cyber attack weapons but is also the most vulnerable and our adversaries have caught up. We have all seen this movie before. Perlroth writes: "Three decades ago, the United States spawned, then cornered, the market for hackers, their tradecraft, and their tools. But over the past decade, its lead has been slipping, and those same hacks have come boomeranging back on us."
"In 2016, the N.S.A.’s own hacking tools were hacked, by a still unknown assailant. Those tools were picked up first by North Korea, then Russia, in the most destructive cyberattack in history. Over the next three years, Iran emerged from a digital backwater into one of the most prolific cyber armies in the world. China, after a brief pause, is back to pillaging America’s intellectual property.
And, we are now unwinding a Russian attack [SolarWinds] on our software supply chain that compromised the State Department, the Justice Department, the Treasury, the Centers for Disease Control, the Department of Energy and its nuclear labs and the Department of Homeland Security, the very agency charged with keeping Americans safe."
Perlroth continues with: "Occasionally we respond to attacks with indictments, sanctions or cyberattacks of our own. President Biden added $10 billion in cybersecurity funds to his Covid-19 recovery proposal and said Thursday that the United States was “launching an urgent initiative” on cybersecurity, to improve America’s “readiness and resilience in cyberspace.”
But finding every Russian backdoor could take months, years even. And climbing out of our current mess will entail a grueling choice to stop leaving ourselves vulnerable.
For individuals, this means making life less convenient. It’s not ignoring password prompts and software updates, turning on two-factor authentication, not clicking malicious links."
I suggest you send this link to your C-level execs together with your budget request.