“As software becomes further embedded into everything we do, the gap between offense and defense will continue to grow unless we take actions to secure the cyber ecosystem.”
— Rep. James Langevin (D-RI)
The Internet has brought the world together, creating opportunities to connect individuals, link markets, and increase access to all kinds of information. But with these advances come new security challenges. The malicious cyber capabilities of U.S. adversaries and competitors have rapidly expanded in recent years. These attacks have included cyber attacks against military systems and critical infrastructure, cyber espionage targeting governments and corporations, and cyber influence operations through social media. Cybersecurity is one of the most serious national security threats facing the U.S. and it will require a whole-of-government response.
The threat of malicious cyber activities comes from both state and non-state actors, and targets public, private, online and physical infrastructure, making it particularly difficult to address. The United States has already fallen victim to cyber attacks, one prominent example is the Russian hacks and leaks that were part of a broader disinformation campaign targeting the 2016 elections. While this campaign marked the first attempt in U.S. history to sway a U.S. election via an online disinformation campaign by a foreign country, it is clear that this is a new norm against which America will have to defend itself.
of Americans view cybersecurity as a priority and believe the government should consider it as such, according to a Harris Poll survey.
Cyber attacks threaten more than just our system of governance: they gravely impact U.S. business and commerce. The Center for Homeland Defense and Security estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. The number of cyber attacks carried out against the United States, by nation-states and terrorist groups alike, is increasing exponentially as cyber vulnerabilities increase due to the growing reliance on digital communication within our society and government.
Another growing threat in the cybersecurity space is artificial intelligence driving the spread of misinformation. Against the backdrop of the uncertainty of the global COVID-19 crisis, the spread of misinformation, and its adoption into the mainstream, took off in 2020. Conspiracies theories around the pandemic itself, vaccines, and masks took off and quickly worked their way into the mainstream. The problem is not unique to America – in Europe, Russian campaigns aimed to sow anti-refugee sentiment and undermine NATO, state controlled. In some cases, the spread of this disinformation is propelled by AI and its ability to create a network of real-seeming accounts while also strategically avoiding the pitfalls that may allow opposing AI deployed to catch misinformation to identify it. As our technological capability grows, so does the risk that it can be deployed against us.
President Biden has made cybersecurity a priority in his administration by dedicating an office in the White House to cyber-related issues. This marks a reversal from changes made during the Trump administration, during which cybersecurity was viewed simply as a policy field instead of a priority area and key roles, such as the White House cyber-coordinator, were eliminated. The White House cyber office will report to a new National Cyber Director role. A number of President Biden’s key nominees also have backgrounds in cybersecurity, including five officials nominated to the administration’s National Security Council.
This promotion of cyber issues from a policy field with few dedicated White House officials to a priority falls in line with the recommendations of the bipartisan Cyberspace Solarium Commission, co-chaired by Senator Angus King and Representative Mike Gallagher. In March of 2020, the commission released a report that advocated for a layered cyber deterrence approach to cyber security. The goal of this strategy was to reduce the probability and impact of cyber attacks by denying the benefits of cyber attacks to our adversaries, increasing collaboration with our allies and with the private sector, and increasing the U.S. capability to retaliate against actors who target the American cyberspace.
“As software becomes further embedded into everything we do, the gap between offense and defense will continue to grow unless we take actions to secure the cyber ecosystem.”
— Rep. James Langevin (D-RI)
Unfortunately, devastating cyber attacks by foreign adversaries in the weeks preceding President Biden’s inauguration laid bare the need for such a dynamic strategy. The SolarWinds hack by Russian actors impacted approximately 250 federal agencies and U.S. corporations. This hack, which went undetected by the government until it was discovered by a private cybersecurity company, reflects the vulnerability at all layers of cyber infrastructure. Three weeks after the discovery, U.S. officials were still scrambling to understand whether this breach was the result of a simple espionage operation or “backdoor” accesses built within the networks of private and public agencies, including those in charge of nuclear weaponry. Since that time, we have learned even more just how damaging cyber threats can be. New revelations suggest stronger Chinese hacking of U.S. than previously known and cyber attacks have been a crucial part of Russia’s invasion of Ukraine. The U.S. can and must do more to defend itself.
Although the Biden-Harris administration has not yet announced a comprehensive cybersecurity plan, President Biden’s national COVID-19 strategy included an assessment of “cyber threats and foreign interference campaigns” targeting vaccination and other public health programs. The $1.9 trillion relief package also earmarked $10 billion in information technology (IT) and cybersecurity infrastructure investments. These are promising and necessary signals that the Biden-Harris administration will continue to monitor cybersecurity threats, which are rapidly evolving and require comprehensive and proactive defenses.
Congress needs to advance new measures to protect American elections and key infrastructure from attack, to promote international efforts with our democratic allies advancing cyber security and stability, and to support the Biden-Harris administration along key fronts in the cyber battle. This starts with protecting our elections in the face of continued Russian aggression.
Congress failed to enact H.R. 2722 Securing America’s Federal Elections (SAFE) Act during the 116th Congress. Call your Representative and Senators at (202) 224-3121 and ask them to support the reintroduction of the SAFE Act in the 117th Congress. You can also ask your Senator to support the Cyber Diplomacy Act, which establishes the Office of International Cyberspace Policy within the Department of State. The bill passed the House but remains stuck in the Senate. The U.S. needs to be actively engaged in cyber diplomacy, working with our allies to establish norms and hold bad actors accountable.
Here are some things you can say:
Center for Strategic and International Studies
Cyber Incident Reporting: What It Is, Why We Need It, What It Will FixR Street, February 2022
AI and the Future of Disinformation CampaignsCenter for Security and Emerging Technology, December 2021
The Hidden Costs of CybercrimeCenter for Strategic and International Studies, December 2020
Cyberspace Solarium Commission Final ReportCyberspace Solarium Commission, March 2020
Thematic Brief: US Cybersecurity EffortsThird Way, March 2019
