Cyber ​​warfare has reached a new level with attacks that are now disrupting supply chains, infiltrating governments and affecting national infrastructure. Cyber ​​threats at a national level have far more serious implications than a regulatory data breach affecting international relations.

In 2021, the United States accused China of launching a global cyber espionage campaign and responded by creating an alliance that included the UK, the European Union and even NATO. Beijing rejected this attempt, calling it irresponsible. In general, the situation was very tense between two superpowers and ultimately a conflict that highlighted a growing problem for government offices. Gloucester City Council in the UK has been attacked twice by attackers over the past decade, and the Belgian Ministry of Defense and the Canadian Ministry of Foreign Affairs have been targeted by hackers, perhaps the most serious of which were large-scale cyber attacks against Ukraine, leading to the closure of many government banks and government websites. The effects of the Ukrainian cyber attack highlight the catastrophic effects of cyber warfare at the national level. This should be a warning sign for other countries to enhance their own cybersecurity.

Check also:

While most countries such as the United Kingdom and Belgium are increasing their investments in cybersecurity, the United States is turning to major technology companies to help with cyber defense. After sending the letter in December, the White House met with executives from leading technology companies — including Google, Apple, IBM and Amazon — to discuss how to enhance software security in the wake of the attack on Log4j, an open source software. This is a bold step that shows that the private sector can be the answer to securing critical infrastructure and systems.

The current state of internal cybersecurity

Perhaps the obvious and inevitable challenge for governments is that states will undoubtedly engage in cyber espionage. In a world driven by digital data, the easiest way to gather information is to attack systems and data. Some of the 2020 SolarWinds/Nobelium targets included the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Agency (CISA), and the US Treasury.

Roger Grimes, data-driven defense evangelist at KnowBe4, discusses this political challenge. He comments, “Every nation-state is capable enough to attack its opponents with almost impunity. It is hard to tell your opponent to stop hacking you when you hack him too.” One possible solution to the problem of national electronic warfare is to create a set of global rules. Grimes proposes the Digital Geneva Convention “which defines what is and is not permitted between nation states, and in which all nation states agree to abide by agreed universal principles.” This will certainly increase the responsibility of countries for cyber-attacks, especially dangerous ones like the Ukrainian attack.

However, it is clear that cyber attacks are no longer something that can happen but is inevitable. Security should be a top priority, and governments should create an appropriate security framework that includes things like training and awareness, authentication, access management, and encryption of sensitive data.

Another important point is that in the world of data first, governments are still not able to collect good data about their cybersecurity problem.

“You need good data to better deal with a problem, and most governments don’t.” Grimes comments, “[Rządy] They know there is a lot of cybercrime going on, but they don’t know exactly how much and how it is being committed…All governments are working on these issues, but they remain complex and difficult to solve.

Companies are no stranger to ransomware and malware attacks. They strengthen their networks, manage identity and remote access, and reduce cyber threats. They collect data about the growing threat of ransomware, from the methods used to the vulnerabilities exploited. It makes sense for governments to turn to them for help.

The influence of big tech companies will increase

Commenting on how leading tech companies can help governments ensure cybersecurity, Grimes says: “It would be great for big tech companies to share (anonymous) customer attack data with the government to help them get better data. It would also be great for tech companies to come together The big ones come together to create and implement new or improved open cybersecurity standards and then integrate them into their products.In fact, we have the technical capacity to put an end to most cybercrime…we know how to do it…but we don’t have a consensus to do so.It would be great if Great technology came together, agreed to dramatically improve cybersecurity, and set the standards we need and apply in their products to best protect their customers. Unfortunately, the competitive nature of business makes it difficult for a group of competitors to unite for the greater good.”

And while the big tech companies are unlikely to put their differences aside for a common purpose – that’s what they did.

Tech companies including Microsoft, Google, Amazon, IBM and Apple have made major commitments in the United States and pledged to invest more than $30 billion and create 250,000 new jobs, according to a White House statement.

• Apple will create a new program to improve security across the technology supply chain and enable comprehensive adoption of multi-factor authentication, security training, vulnerability mitigation, event logging, and incident response.
• Microsoft has provided $150 million in technical services to federal, state, and local governments to modernize security protection. He also promised $20 billion over the next five years to intensify efforts to integrate cybersecurity through design as well as provide advanced security solutions.
• Google offered $10 billion over the next five years to help expand mistrust software as well as strengthen open source security and software supply chains.
• Over the next three years, IBM will train 150,000 people to improve cybersecurity skills, and will work with more than 20 universities and centers to increase the diversity of the cybersecurity workforce.

These are major investments by some of the most powerful technology companies in the world, providing tremendous support to the US government and laying the foundations for an overall stronger position in cyberspace. The private sector already serves some of the most critical components of infrastructure when it comes to cybersecurity. However, the question remains to allow the private sector access to government systems.

Too much power?

Companies like Google won’t be able to escape controversy, especially around data privacy and compliance. Mishandling of personal data has become a nuisance to leading tech companies in the wake of the General Data Protection Regulation, raising legitimate concerns about the level of access granted to these companies. Allowing companies like Microsoft to offer advanced security solutions that will be integrated with federal, state and local governments means that private sector companies can gain access to government networks and systems, many of which underpin citizens’ data and information.

Grimes sees a conflict between privacy concerns and government regulations, noting how prevalent cybercrime is today, “Government cannot do it alone. Big technologies cannot do it alone. But together with open standards and public participation, we can solve big problems and make The Internet is a safer place for computation. It can be accomplished. Most people think that making the Internet a safer place is impossible. But that is not true. All you need is a practical strategy, where each side is willing to abandon their extreme fears in order to find a common solution that works responsibly. Best of all. Give up a little to gain a lot.”

Sure, the big tech industry has pledged huge support to the United States, but that’s not entirely fair to other countries that don’t have the same resources but are clients of the same companies. There is also the question of whether this creates a conflict of interest for leading tech companies to provide local support while operating in other regions.

There is no doubt that technology companies can provide significant support by sharing their knowledge and security knowledge to enhance national defense, but there is also an important question about the extent of the role that technology companies should play in national cyber defense.

Source: IDG Connect