Weakness in our Cyber-Security Culture
One of the most alarming news stories of the past few weeks, and there are many, has been the massive, undetected cyber-hack by Russia across hundreds of US agencies and corporations. In my book SWARM, the main character Derek Taylor attempts to convince and motivate Congress that America is extremely vulnerable to attack, that there are many types of attacks we cannot predict, and that we as a nation are under-funding, and undermining our own cyber-defense. I further specifically identify Russia, Iran, China and North Korea.
The warning signs have been there for years, in fact, I used to work at Microsoft where I was close to those who attempted to get the US government to do more to address the issues of cyber-security, especially the issue that came up with the recent hack - hidden embedded software functionality.
Why is this so difficult? Modern software production can take place across multiple continents and work sites involving millions and millions of lines of code. While software testing can identify some unrequired code, tests are only good if you know what to test to find. There are ways to embedded code to avoid an impact on testing.
In the book, I call for a revamp of our cyber-defense strategy and a 10-fold increase in our defense budget to develop AI and other adaptive defenses. Sadly, nothing will happen under the current administration and the demands on the next administration and Congressional resistance to stronger cyber-controls have hindered progress to date.
If there is any silver lining to the Russian hack is that maybe, just maybe it will motivate those in Congress, NSA, CIA, DoD and the WH get off their partisan fanny's and do something meaningful and timing. Don't hold your breath, which means a scenario similar to SWARM is inevitable.