In today’s world, we have all been to cyberspace and enjoyed the many conveniences this global domain has added to our lives. But did you know that cyberspace has been declared the fifth domain of warfare? Just like it does in our own lives, cyberspace provides interconnectivity and communications between the other four domains of war — air, land, sea and space. Therefore, an enemy doesn’t need extensive ground troops or nuclear weapons to take on the United States. All that’s needed are a few inexpensive tools, some knowledge and skill, and access to our networks where the cost of entry is almost nonexistent.
The U.S. faces millions of cyberattacks each day in both the public and private sectors; in some cases, hackers can easily find points of vulnerability in our systems. Typical cybercriminals will look for bank routing numbers, medical records and other sensitive personal information. Cyber actors working on behalf of nation-states or terrorist organizations seek access to corporate and copyrighted information, critical infrastructure and state secrets.
Yet, the United States continues to lack a coherent, comprehensive strategy to address these threats.
Last year, the Pentagon reported the cyber capabilities of other nations exceed the United States’ ability to defend its networks, meaning the likes of China and Russia are able to hack our networks and potentially wreak havoc.
Our adversaries have already shown they can and will exploit our vulnerabilities. In 2011, Iran hacked major financial institutions and then seized control of a New York City dam during a 2013 operation. In 2014, North Korea used their cyber skills to attack Sony Pictures in what most people viewed as a retaliation against a comedy film about an assassination attempt on Kim Jong Un. China’s massive intrusion into the security-clearance files at the U.S. Office of Personnel Management led to a data breach of over 23.9 million federal workers between 2014 and 2015.
Most recently, we dealt with Russian interference in the 2016 elections, and there are no signs of Russia stopping their attacks on our democracy or on others around the world.
These are just a few of the major cyberattacks we have endured over the years, and sadly, we will continue to face these threats unless we take action. Across the United States, it’s likely that we have all been victims of data breaches. So what will it take for us to change course and do something about these cyberattacks? We cannot sit back and wait for a catastrophic event, such as a major power grid getting hacked and taking us offline. Something of that magnitude would create panic and chaos, upending our daily lives like never before. Now that would be apocalyptic!
There is no cure-all to fix the state of our cyber defenses. But there are actions that can and should be taken to vastly improve our standing with our own cybersecurity.
First, we must build healthy partnerships between the public and private sectors in terms of deterring, detecting, defending, rapidly responding to, and recovering from cyber invasions. After the enactment of the Cybersecurity Act of 2015, we made some progress in this area, but we must be more effective in facilitating information-sharing in real time to better respond to quickly evolving cyberattacks.
Second, we must address the lack of cybersecurity professionals in both the public and private sectors here in the U.S. These professionals man the front lines, develop programming and fortify our networks. As a nation, we must expand and improve our future cyber workforce by bolstering education in science, technology, engineering and mathematics (STEM) with a particular focus on computer sciences. This is an area we can and must improve upon, and that starts with encouraging our future generations to get involved and become educated in these fields.
Third, the public and private sectors must establish appropriate ways to notify and communicate these threats to the general public. For our own consumer protection, the public must be notified as soon as possible about breaches and be provided guidance on how best to prevent identity theft.
Fourth, we must finally construct a comprehensive national cybersecurity strategy. This country can no longer afford to sustain these cyberattacks, lick our wounds and ultimately fail to change course. We must make clear, for instance, that a cyberattack would be met with a superior cyber reaction, or in extreme cases, using our military to deter these foes. Frankly, the American people deserve better from their institutions, and our institutions can do better for the safety and security of the American people.
Lastly, and perhaps most importantly, in order to be effective in preventing attacks, we need greater public and private financial investments in cyber defense. Although federal investment in cybersecurity has increased over the years, it’s failing to meet the challenges of the complex, ever-changing threat environment we face. Our enemies see opportunity in our vulnerabilities in cyberspace, and they are investing heavily to exploit them. We must rise to the occasion.
Taken together, these actions will put us on sound footing to meet or exceed the investments — and corresponding capabilities — of our adversaries.
To be clear, we can take some comfort in recent progress with our cybersecurity. In August, President Trump elevated U.S. Cyber Command to a Unified Combatant Command, which recognizes that the threats we face are far more dangerous than ever. In December, the administration announced a new “whole-of-government” national security approach, focusing on how cyberspace relates to all other aspects of our national security. But even with these efforts from the Trump administration, we do not have a fully comprehensive or coherent strategy for cybersecurity.
On Jan. 30, President Trump will give his State of the Union Address. Here, he has an opportunity to further recognize the challenges we face in cyberspace, assure the American people that a strategy is forthcoming, and then make good on his word. I hope he seizes this moment and gives us reason to see past our differences and work together towards a stronger, more cybersecure America.
• Rep. Adam Kinzinger, Illinois Republican, serves on the House Committee on Foreign Affairs and the House Committee on Energy and Commerce.