As computers and the internet increasingly touch our lives, our vulnerability to cyber attacks—both as individuals, and as a nation—continues to increase. More and more frequently, we confront reports about our computers, cell phones, and internet-connected devices being compromised and used against us: alleged Russian hacking in the 2016 election, stolen government secrets, massive corporate data breaches, identity theft, lost intellectual property. The vast majority of these attacks are against known vulnerabilities—such as weak passwords and poor email hygiene—and yet we keep getting hit. What can we to do confront this burgeoning threat?
Last week, the School of Public and International Affairs (SPIA), in partnership with the Hume Center for National Security and Technology, convened a round table discussion on Capitol Hill to discuss the nature of the cyber threat and the best strategies for countering it.
In his keynote address, Senator Mark Warner emphasized that as cyber permeates our way of life, we will need a “whole society approach” to cybersecurity. “It’s a matter of when, not if, a massive cyber event will occur,” said Warner, adding that we, as a nation, are ill-prepared. Warner noted that there are 360,000 unfilled cybersecurity jobs in the U.S., 30,000 of which are in the commonwealth of Virginia. In the next four years, he pointed out, 34 billion devices will be connected to the “Internet of Things“—and most of these are unsecured, so that hackers could take control of them and use them, as they did last October, to crash the internet on the east coast of the U.S.
Warner, who serves as Vice Chair of the Senate Select Committee on Intelligence, asserted that Russia undertook an “unprecedented attack on our democratic process” by hacking and releasing emails timed to maximize their impact on the 2016 election. Meanwhile, China steals $200 billion a year in intellectual property. A cofounder of the bipartisan Senate Cybersecurity Caucus, Warner noted that despite nine Senate committees holding twenty cybersecurity hearings in the past year, Congress had passed only one piece of cybersecurity legislation. Warner suggested a number of legislative agenda items, including requiring publicly-held companies to report cyber breaches to the SEC, upgrading outdated federal government IT systems, and making grants to cities and states to improve their cybersecurity posture.
The panel of experts, moderated by SPIA Professor of Practice and former Congressman Jim Moran, laid out a range of additional opportunities to confront the threat.
Dr. Charles Clancy, Director of the Virginia Tech Hume Center for National Security and Technology, emphasized Virginia Tech’s efforts at the intersection of cybersecurity and technology to address threats to critical infrastructure and personal privacy. “Our goal is to not only address current and future research challenges, but to educate students to develop the workforce that our country is going to need moving forward,” said Clancy.
Karen Evans, former Administrator for E-Government and Information Technology at the Office of Management and Budget, discussed the online competition and cyber camp aimed at launching students into cyber careers at the US Cyber Challenge, which she now directs.
Theresa Shea, former Director of Signals Intelligence at the National Security Agency and current Director of Cyber Reboot at In-Q-Tel, emphasized the need for more consumer education. Every individual needs to be part of the fight against hacking, she said. “There are three things we all need to do — use multifactor authentication, back up data, and never click on questionable links,” Shea said.
Moran noted, “The Pentagon gets 10 million cyberattacks every day. Clearly, cyber warfare is a threat to our national security, even our way of life.”
Virginia Tech will continue to lead in research, policy development, and education as we confront this critical threat.