So far this year, a slew of cyberattacks against U.S. government agencies, institutions, and businesses have dominated headlines, and cybersecurity experts say that these types of damaging attacks are on the rise and can have "spillover" effects across supply chains. In May, cybercriminals believed to be linked to Russia targeted Colonial Pipeline, the operator of the largest fuel pipeline in the United States. When hackers from the Dark Side ransomware group infiltrated its system, the company quickly shut down the pipeline to prevent the ransomware from spreading. For about a week, the shutdown caused gasoline shortages and price increases along the East Coast, prompting governors in several states to declare states of emergency.
Cyberattacks are classified into three types. The first is high-profile attacks in which criminals exploit systems to demand a ransom, such as JBS and Colonial Pipeline attacks. Another type is an espionage attack, in which foreign criminals break into a system to steal information. A third and more common type of compromise is "email compromise," in which a hacker targets a business or organization via an email phishing scam.
According to a report, the Federal Bureau of Investigation's Internet Crime Complaint Center, business email compromise scams cost U.S. companies a total of $1.8 billion last year. In2020, there were 791,730 complaints of suspected internet crime, approximately300,000 more than in 2019. According to the report, these cyberattacks cost the United States more than $4 billion last year.
The government has not been left out of the ongoing digitization of all aspects of modern life. Government databases have positioned themselves as major targets for hackers and acts of cyber warfare as online, and data usage has increased.
According to author Richard Clarke, cyber warfare is defined as actions taken by a nation-state to penetrate another nation's computers or networks to cause damage or disruption. Non-state actors, such as terrorist groups, corporations, political or ideological extremist groups, criminal organizations, and hacktivists, are also included in broader definitions. For years, cyberattacks from these sources have been a source of concern in the United States, as not only the frequency of data breaches has increased, but so has their complexity and (economic) implications.
In terms of financial damage, the United States was the country most severely impacted by cybercrime in 2018:industry experts estimate that cyberattacks cost the U.S. government more than USD 13.7 billion.
According to the Global Cyber Security Index, the United States is one of the countries with the highest commitment to cybersecurity. Government I.T. expenditures totaled 88 billion U.S. dollars in 2019, and this figure is expected to exceed 92 billion by 2021.In terms of budget allocation, the Department of Defense is the primary recipient of federal cybersecurity spending, as the agency is in charge of protecting the United States from both offline and online attacks. The Department of Defense's latest cyber strategy doctrine states that its cyber goals include building and maintaining forces to conduct cyberspace operations, securing and defending DoD data, preparing for disruptive and destructive cyberattacks, and incorporating cyber options and alliances into plans.
Looking at the number and scope of data breaches in the United States over the last few years, the growing federal expenditure and focus on cybersecurity becomes more understandable. Federal agencies reported 13,107 cybersecurity incidents in 2018. The United States government was responsible for 5.6 percent of data breaches and 2.1 percent of all exposed records the following year. The December 2015 hack of the U.S. voter database is one of the largest online data breaches in history, with over198 million compromised records. This incident is especially noteworthy because the link between cybercrime and the U.S. electoral process gained international attention during the 2016 U.S. presidential election.
While many voters believe the Russian government was responsible for hacking into DNC computers and leaking emails in 2016, others are concerned that insufficient security measures will similarly impact the upcoming 2020 election. As the Covid-19 pandemic puts the United States' voting system to the test, online voting is becoming an increasingly contentious issue among party officials and industry experts. It remains to be seen how and where digital alternatives to polling stations will be available and how vulnerable the systems will be to cyberattacks.
Americans rely on consistent access to basic necessities such as water, energy, and fuel to do the work required to keep the country running. The federal government and the private sector must work together in a truly collaborative effort to protect valuable assets. Enacting cybersecurity standards for vital infrastructure and enhancing public-private cybersecurity cooperation are essential steps toward completion. In an era when malicious actors and adversarial states are launching unprecedented attacks on our infrastructure, Congress must not fail to enact common sense reforms that would secure the systems on which we all rely.
Many people are rightfully wondering what the U.S. government is doing to prevent similar incidents in the future. However, according to some reports, a large portion of America's critical infrastructure – around 85 percent – is privately owned. This limits the federal government's ability to detect and assist private enterprises that own and operate the critical infrastructure on which Americans rely to live, work, and play.
To secure the country's cyberspace, the federal government and private sector must reach a new "social contract" of shared responsibility in which both parties share mutual responsibilities. The federal government must be confident that the private companies that own and operate critical systems and assets do everything possible to safeguard them.
The bipartisan Cyberspace Solarium Commission has worked on these issues for the past two years. They have recommended policymakers take steps to raise awareness of cyber threats and ways to improve the U.S. government's ability to defend federal I.T. systems and support the owners and operators of the country's most critical systems and assets. The commission proposed more than 75 measures. In just one year, 25 of the commission's recommendations became law – a significant step forward, but only the beginning.