Ah, another Cybersecurity Awareness Month is winding down, and as we gather around our digital campfires to recount the valiant tales of hackers, ransomware, and government incompetence, nothing says "cyber progress" quite like the reality that we’re one phishing email away from losing our social security numbers, our Netflix passwords, and—worst of all—our dignity.
In this election year, we find ourselves at a thrilling crossroads: will the direction of cybersecurity hinge—and to a lesser extent, the legislative future of artificial intelligence as Apple Intelligence is set to be released this month—on who sits in the Oval Office come January 2025? You bet it will. But let’s not kid ourselves: America’s not exactly riding high in the cyber saddle at the moment. If we’re going to lead the world in cyber defense, then maybe, just maybe, we should stop treating it like an afterthought at the Department of Homeland Security (DHS), which is rapidly becoming the DMV of government departments.
Enter Alejandro Mayorkas, the embattled head honcho at DHS, who has overseen—let’s be real—the not-so-grand disintegration of the American southern border. A man so effective in his role that if the border were any more open, we'd be offering concierge services to smugglers. Under his watch, not only has the border situation deteriorated, but CISA (the Cybersecurity and Infrastructure Security Agency)—a subdivision of DHS—has been floundering like a teenager trying to understand a Y2K meme.
Speaking of CISA, let’s pour one out for Jen Easterly, the agency’s current head, who has been tasked with implementing the administration's brilliant plan to Align Operational Cybersecurity Priorities for Federal Agencies. I know what you’re thinking—aligning priorities sounds harmless enough. But when "aligning priorities" includes complicated jargon to disguise a half-baked strategy that may accidentally gift-wrap our systems for hackers, well, we might want to be a bit more skeptical.
But no worries! Previous reports indicate that the Biden administration has a crack plan to solve the problem: they’re aiming to hire 500,000 new cyber professionals with a "Diversity, Equity, and Inclusion" (DEI) hiring initiative. Because, you know, when you’re trying to fend off Russian hackers or stop a North Korean Advanced Persistent Threat (APT) group, it’s really crucial to make sure your task force has an appropriate mix of yoga enthusiasts and interpretive dancers.
If the 2024 election swings in favor of Trump, we’ll see the rapid ousting of both Mayorkas and Easterly. Rumor has it that Trump has some real "cyber warriors" waiting in the wings to take over CISA. What’s important here is that they’d come with a different playbook, one that’s less about diversity quotas and more about practical solutions, such as possibly knowing how to set up two-factor authentication. Revolutionary, I know.
Names like Joshua Steinman, Trump’s former cyber advisor, and Matthew Pottinger, his one-time deputy national security advisor, are being thrown around as possible successors to Easterly. What do these folks have in common? Well, they’re part of a more hawkish cyber school of thought, which, let’s be honest, we could use right now, given the current state of cyber threats from China, Russia, Iran, and everyone's favorite digital gremlins—North Korea.
These aren’t just ordinary hackers, folks—these are government-sponsored Advanced Persistent Threat (APT) groups that come with the backing of the world’s most nefarious regimes. You know, the kind that can get into your network and set up shop like they own the place.
In a heroic attempt to prevent foreign actors from rummaging through our digital attics, the U.S. Department of Justice (DOJ) recently rolled out new rules aimed at curbing access to sensitive data for countries like China, Russia, and Iran. These rules are designed to prevent bulk data exploitation for purposes like espionage, cyberattacks, and good old-fashioned blackmail. About time, right? Now, if only we had the ability to stop the state-sponsored actors already launching ransomware attacks from their cushy headquarters in Moscow.
But it’s not only government systems that are under constant attack. No, the fast majority of cyber attacks still target the little guys, meaning you and me, so let’s not forget that LockBit ransomware is still running wild, while sneaky trojan horse malware like POWER Rat is lurking in the shadows. Our adversaries are becoming more sophisticated by the day, and our defenses? Well, let’s just say there’s room for improvement.
Meanwhile, one of the most critical cyber issues that popped up this month, the CVE-2024-43573 vulnerability, has made international headlines for its ability to hide in the shadows of networks, waiting to spring on the unsuspecting IT department that forgot to apply the latest patch and poses immediate danger across virtually all sectors. It’s a vulnerability so pervasive that you’d almost think we were trying to make hackers' lives easier. But hey, at least we’re aligning our operational priorities, right?
As we careen toward November 2024, it's clear that the cybersecurity future of the country will be shaped by this election. Will we continue to lurch forward with a DEI-driven cyber hiring plan, hoping that diverse but possibly underqualified candidates can hold the line against state-sponsored cyber armies? Or will we see a pivot to a more pragmatic approach, focusing on actual cybersecurity skills and strategies, should Trump return to the Oval Office? One thing’s for sure: if we don’t get our act together soon, we won’t be leading the world in cybersecurity—we’ll be handing it over to our adversaries, one ransomware attack at a time.
So, as we close another Cybersecurity Awareness Month, let’s take this time to reflect, laugh, and possibly cry a little as we face the hard truths of our cyber failures. Because if history is any guide, the hackers are always a few steps ahead, and we’re just trying to keep up.
Join the conversation as a VIP Member