Cybersecurity Lessons from a Pandemic: Better Preparing Cyberspace for Future Threats

The COVID-19 Pandemic brought on major changes to our lives in a multitude of ways — masks, social distancing, telecommuting, and more — many of the changes to our world has recently seen will have lasting impacts on how we operate. The U.S. Cyberspace Solarium Commission (CSC) was established in 2019 with the intent to “develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.” As a part of the John S. McCain National Defense Authorization Act for Fiscal Year 2019, the creation of the CSC was the United States’ first strong initiative to try and fight cybercrime and protect against cybersecurity vulnerabilities strategically to protect the entire nation. The Commission recently came out with its first whitepaper, Letters From a Pandemic, which will have a very real impact on the future of cybersecurity.

The white paper begins with drawing parallels between a pandemic and a cyber attack, describing how both can be global in nature, requiring mutli-national response in order to contain its spread, as well as such incidents requiring professionals to take a closer look at their crisis management plans. These three parallels are all very true and the last in particular should be taken quite seriously. The pandemic has shown us how quickly terrible things can take over — cyber attacks act very similarly and it is important for us to learn from our current situation to prepare for the future. Businesses should now not only have pandemic emergency plans in case of future global crises, but they also need to be sure to have both strong cybersecurity practices on a regular basis as well as emergency preparedness plans.

The report goes on to highlight 32 of the Commission’s initial recommendations from earlier in the year and most notably, goes on to add another four recommendations regarding the future of cybersecurity.

IoT Security Law

The first is an insistence that Congress pass an Internet of Things (IoT) Security Law. This law is inspired by the shift to a mostly work-from-home economy due to the COVID-19 pandemic. This means that businesses which used to operate mostly in on-site offices had to make abrupt shifts to fully online, telecommuting operations. With this, many less-than-secure personal devices were now relied on for a company to complete its business — suddenly making a person’s home WiFi and laptop the backbone of a company’s operations.

As hardwired, direct cable connections to Internet become less needed or used, these Internet-enabled devices are becoming more and more necessary for businesses to operate. Increasing the security of these IoT devices is essential for both businesses and individuals alike to be digitally protected, especially with many businesses across industries hinting at a continuation of a work-from-home model in some form or another.

The Cyberspace Solarium Commission’s solution to this? Pass an Internet of Things Security Law. The white paper emphasizes that this law should have a focus on that portion of the workforce who is operating from home. Because of the Coronavirus outbreak, household internet of things (IoT) devices such as laptops, tablets, personal cell phones, and particularly household routers, have become utilized more than before for more privileged work compared to what used to be conducted on them. This opens huge vulnerabilities for businesses. This law would require that manufacturers of IoT-enabled devices include built-in security measures into products particularly those which have known issues or weaknesses.

Support to Nonprofit Cyber-Aides

The second is a recommendation to increase support to cyber-specific nonprofit entities that aide those who combat cyber crime and support victims of cyber attacks. As the COVID-19 pandemic has shown us, nonprofits can come together as a community to serve as essential partners to law enforcement when it comes to cybercrime. They manage to come together quickly in order to deliver a swift response in identifying and taking down major online threats. These nonprofits often face financial hardships caused by these assisting efforts. Because of this, the CSC implemented their recommendation in this newest white paper to assist in funding these entities for their efforts.

Social Media Data and Threat Analysis

The CSC’s white paper also emphasizes the importance of establishing a Social Media Data and Threat Analysis Center. To quote the white paper directly, ” To this end, the Commission supports the provision in the FY2020 National Defense Authorization Act that authorizes the Office of the Director of National Intelligence to establish and fund a Social Media Data and Threat Analysis Center (DTAC).” The report goes on to say that this center would be a nonprofit which has the goal of unifying public and private entities in order to detect foreign influence operations and threats which come in the form of social media. Similarly to how citizens receive updates on COVID from trusted sources such as WHO and the CDC, the representatives of this Center would be in charge of informing the public about the criteria for such threats as well as offer a searchable archive of current issues being faced in the country.

Identifying Foreign Threats

Another major issue comes in the form of foreign cyber threats, as these are often difficult to check or validate. In order to combat this, the Commission recommends an increase be seen in a nongovernmental capacity in order to identify potential foreign “disinformation and influence campaigns” and fight to counter them as well. This is related very much to the last recommendation of protecting social media as the same Center would be used to communicate issues to the public regarding emerging threats. The recommendation suggests that the Department of Justice provide grants in consultation with the Department of Homeland Security and the National Science Foundation, to nonprofit centers seeking to help with this. This can include things such “malign foreign influence campaigns can include covert foreign state and non-state propaganda, disinformation, or other inauthentic activity across online platforms, social networks, or other communities” according to the white paper.

This Commission will hopefully continue to try and learn from the on-going pandemic and assist further to help protect the public from threats in the cyber realm in the future.

Image by Pikisuperstar for Freepik.