Cybersecurity goes beyond protecting your identity or ensuring safe elections. As recent weeks have demonstrated, internet security is just as important to the nation’s infrastructure as roads, bridges and airports.
In May, Christopher Krebs, former head of the Cybersecurity and Infrastructure Security Agency, warned a congressional hearing that the world was on the cusp of a “pandemic of a different variety. … Cybercriminals have been allowed to run amok while governments have mainly watched from the sidelines, unclear on whether cybercrime is a national security-level threat. If there was any remaining doubt on that front, let’s dispense with it now: Too many lives are at stake.”
Two days later, Colonial Pipeline was struck by the largest known hack on U.S. energy infrastructure. The result was a shutdown of a major fuel pipeline connecting the East Coast, resulting in long lines and soaring prices at gas stations as consumers engaged in panic buying. The company paid hackers $4.4 million to regain control of its systems.
Now, JBS Foods has been hit by a ransomware attack on its operations in North America and Australia. JBS, the world’s largest meat producer, has closed facilities in several states and canceled shifts at other plants.
“Attackers are operating like a well-oiled business industry, yielding high profits in a year that most businesses struggled,” one threat analyst told Vox.com. “Why? The new ransomware business model is relentless, extortive, and paying off.”
Threats to government entities are equally nefarious. In January, the office of Washington’s state auditor was hacked, exposing the files of 1.6 million unemployment claims from last year. The auditor had received the files from the Employment Security Department while investigating fraudulent claims that were paid.
The threat of identity theft through the hacking of banks or credit companies or government agencies is well known. Victims can spend countless hours canceling credit cards, securing accounts and explaining that, no, they did not purchase $10,000 worth of items on Amazon.
But cybersecurity threats against major companies are even more insidious, potentially leading to widespread chaos.
Most American infrastructure was built before the digital age, leading to difficulties in protecting systems. Krebs told Congress: “The underlying enabling factors for this cybercrime explosion are rooted in the digital dumpster fire of our seemingly pathological need to connect everything to the internet combined with how hard it is to actually secure what we have connected.”
President Joe Biden’s initial proposal for $2.3 trillion of infrastructure spending over the next decade did not include cybersecurity. He since has issued a detailed executive order designed to bolster the federal government’s defense mechanisms and has included robust funding for cybersecurity in a $6 trillion budget request for fiscal year 2022.
That request includes $750 million worth of fixes to “respond to lessons learned” from the 2020 SolarWinds hack, which exposed data around the globe and is suspected to have been backed by the Russian government; $500 million to replace outdated government technology systems; and $110 million for the Cybersecurity and Infrastructure Security Agency.
Whether the money is eventually included in an infrastructure bill or a separate budget measure, Congress should be quick to approve such spending. Cybersecurity is an essential part of modern infrastructure.