The Potomac Institute for Policy Studies recognizes October as Cyber Security Awareness Month. When it comes to Cyber Security, how safe are we? Our experts say, not very. And the problem is expanding as those who try to hack into our lives find new ways to do so. But there are things to be done to help battle against cyber-attacks. At the Potomac Institute, we have warned for years that mitigating cyber-security issues goes well beyond simply downloading patches to fix software. Now, hardware security is also critical to cyber defense.

Dr. Mike Fritze, Vice President and Senior Fellow at the Institute, says that protecting hardware can prove difficult because of a lack of confidence in the supply chain. “Right now, we can’t guarantee a safe supply chain for hardware. The system is rife with problems. We need to be mindful of those who want to cause us harm and make sure we put our cyber security top of mind,” he said. Dr. Fritze also says the COVID-19 crisis has given us a wake-up call. “The virus has given us an opportunity to see the damaging impact of brittle and unsecure supply chains. This problem is too big for industry alone to handle. We need to create a comprehensive hardware cyber initiative where both industry and government work together,” he said.

Melissa Hathaway, former Cyber Security advisor to both Presidents George W. Bush and Barack Obama, and a Senior Fellow at the Institute, takes that notion one step further. She says it’s not just the supply chain that needs closer examination, but the entire ecosystem. Whether we are talking about a router delivered to your home, or an entire weapons system, she says we are vulnerable because our government and corporate leaders have other priorities. She cites the growing number of ransomware attacks and telecommunications outages—specifically, those that knock our businesses and government offline. Ransomware attacks have increased by 700% during COVID-19, targeting healthcare facilities and hospitals as well as key IT business system providers. “We must pay attention to what is happening across our country. The patching cadence of our software and hardware is at a volume that is unsustainable. The decision to embrace and embed often poorly-coded or -engineered, commercial-off-the-shelf technologies into every part of our connected society—from government systems to critical infrastructures and services to businesses and households—is not without consequences. The providers of these technologies—the ICT vendors—are incentivized to be first to market with their products, and the marketplace has simply accepted the vendors’ promise that they will fix or ‘patch’ the flaws in their products later. And these systems are being exploited—we are losing personal information, protected health data, intellectual property—and our services are being knocked off-line at the very time when we as a society are dependent to be on-line and our services available and reliable,” Hathaway said.

What advice should we give to the next Congress and to the Administration? Both Fritze and Hathaway say that until the U.S. government prioritizes cyber security, we will continue to remain vulnerable to attack. Hathaway emphasizes the need for a stable infrastructure. She said, “We need a reliable and affordable Internet and perhaps we should accelerate Amazon, SpaceX, and OneWeb’s ability to meet the demands and service our rural areas.” She also said the country could use a Cyber Health Task Force, potentially using the National Guard to help when a large entity is knocked offline, as happened to Universal Health Services—one of the country's largest hospital chains—earlier this month.

Dr. Fritze agrees the government must spend the time and money to ensure these systems are safe and reliable. “The multi-billion dollar price tag currently being considered in the CHIPS and Foundries Acts is money well-spent if it is dedicated to taking action to ensure secure, safe chips and a secure supply chain. It is no longer up for debate. It needs to happen right away,” he said.

At the Potomac Institute, we recognize the expanding threats to an ever-changing cyber world. Cyber threats are yet another form of virus threat. Through independent and objective analysis of the best available data and evidence, we recommend sound policy options to our governmental leaders to combat this ever-growing threat.

About the Potomac Institute
The Potomac Institute for Policy Studies is an independent, non-partisan, 501(c)(3), not-for-profit science and technology policy research institute. The Institute identifies and leads discussion on key science and technology issues facing our society. From these discussions and forums, we develop meaningful policy recommendations and ensure their implementation at the intersection of business and government.