America Under Fire — US Gov. Solarium Cybersecurity Report Sounds The General Alarm

The Cyberspace Solarium Commission report, released March 2020, is a critical document for all Americans. In uncharacteristically accessible language, the government study highlights the major cyber threat the nation currently faces. As fate would have it, the report was released to a nation in the throes of the Corona Virus pandemic. Of valid immediate concern, the Corona Virus’s cost to America, when all is said and done, will pale in comparison to the past, present and future damage caused by the nation’s lack of cybersecurity. (Ironically, the COVID-19 pandemic further highlights the cyber threat as malefactors have jumped on our collective vulnerability) The country has been under sustained attack for years, and things are only getting worse. The bi-partisan report notes that the threat is no less than existential to our way of life.

What makes the report a particularly important read is its ‘whole-of-nation’ perspective. When looking at cybersecurity, it is hard to get out of the trees and see the forest. Daily news details the latest attacks, strategies, precautions and organizations breached — the tactical minutiae of an ongoing war updated battle by battle. The Solarium report takes a step back and looks at the strategic theater in a way only a federal government can. What looks like brush fires close up, when viewed from geosynchronous orbit, is terrifying — a nation ablaze across all its sectors, private and public, with little defending its citizens under continual assault. Over the horizon, great and regional powers (e.g. China, Russia, Iran, North Korea, private actors) leverage their cybernetic weapons with near impunity, targeting American institutions and infrastructure, robbing intellectual property, stealing national productivity and resources. The report reads like a thriller, if only it were fiction.

Among the chronicle of ongoing threats is rampant intellectual property (IP) theft and system compromise. According to the report, “Our country has lost hundreds of billions of dollars to nation-state-sponsored intellectual property theft using cyber espionage. A major cyberattack on the nation’s critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast.”

We would like to add a critical and urgent recommendation to the 75+ provided in the report. As we have reported, a commitment to using file share links in place of email attachments should be actively promoted nationwide and with allies. Email is the most ubiquitously used file sharing tool in private and public sector organizations. Email is the number one vector of attack. A significant percentage of viruses are delivered through malicious email attachments. Email is a primary contributor to data sprawl and therefore data leakage and loss. Email attachments create more than 55,000 duplicates of file content per user per year, while offering no innate security or tracking. This vast data sprawl of private and public sector data provides excessive opportunity to malefactors to access critical information without challenge and without leaving a single trace. Email attachments are a 1970s era file sharing technology that today increasingly serves to endanger ourselves, our organizations, our nation and even the world. Meanwhile, the modern and secure alternative is readily available in the form of secure file links offered by companies like Box, Egnyte, MS OneDrive and Google Drive. Email vendors, like Microsoft and Google, provide easy user interface shortcuts to use share links. Companies, like mxHero, provide technologies that fully automate the replacement of attachments for shared links before messages leave or enter the organization. It is hard to imagine any valid security discussion with the continued mass utilization of email’s fundamentally flawed file sharing architecture. To not address the email attachment issue is to pour countless billions into efforts with minimal results, like dumping water into a bucket with no bottom.

The Cybersecurity Solarium Commission has done the nation a great service. Their report can raise awareness, serve as a focal point, a clarion call and guide to collective action. In a time defined by bitter bi-partisanship, the report is a reminder that the political aisles that divide us are under one roof. The cyber threat is tangible, documented, happening, getting worse and affects all Americans. Before any political affiliations, it is a reminder that above all else, we are Americans. As the report highlights, we can only win if united — our companies, public organizations and private citizens. The strategy is clear: 1) shape behavior, 2) deny benefits, and 3) defend forward. Simple actions like replacing attachments with file links will fundamentally alter the topology of the digital battlefield by denying our opponents the information they need to wreak maximum damage. Come together America — no more email attachments.

Sources

1. USA Cybersecurity Solarium Report, March 2020
2. Hackers find new target as Americans work from home during outbreak
3. Our Dangerous Reliance On Email Attachments And What To Do About It
4. Wikipedia — Email Attachments
5. Containing Data Sprawl In The Work-At-Home Era of COVID-19 And Beyond
6. Save the Planet: Replace Email Attachments With File Share Links