As Cybersecurity Awareness Month 2024 winds down, we find ourselves reflecting on a landscape riddled with ransomware attacks, cyber breaches, and government inefficiencies. Nothing sums up the state of "cyber progress" quite like the realization that we’re just one phishing email away from losing our personal data—Hulu passwords, social security numbers, and, perhaps most devastatingly, our dignity.
This election year brings us to a critical crossroads. The direction of cybersecurity, and even the broader legislative future of artificial intelligence, with Apple Intelligence set for release, depends heavily on who takes the White House in January 2025. Let’s be honest: America isn’t exactly excelling in the cybersecurity arena right now. If we plan to lead the world in cyber defense, perhaps we should stop treating it like an afterthought at the Department of Homeland Security (DHS), which, at this point, is starting to feel like the DMV of federal departments.
Alejandro Mayorkas, the embattled Secretary of DHS, has been at the helm of a department increasingly mired in controversy, particularly over his handling of the southern border crisis. Under his leadership, not only has the border issue spiraled out of control, but the Cybersecurity and Infrastructure Security Agency (CISA)—a subdivision of DHS—has been struggling to stay afloat, much like a teenager trying to decipher a Y2K meme.
CISA’s current head, Jen Easterly, has been tasked with implementing the Biden administration’s plan to Align Operational Cybersecurity Priorities for Federal Agencies. On the surface, this sounds like a reasonable strategy. However, in practice, the plan has faced skepticism, with critics warning that it may create more loopholes than it closes. A bureaucratic alignment that potentially leaves doors wide open for hackers isn’t exactly comforting.
The current administration has a plan to address the cybersecurity workforce shortage: hire 500,000 new cyber professionals with a focus on Diversity, Equity, and Inclusion (DEI). While diversity is important in any workforce, many are questioning whether prioritizing DEI over technical expertise is the best approach to defending against advanced cyber threats. When facing state-sponsored hacking groups from Russia or North Korea, it’s not the time to prioritize "yoga enthusiasts" over seasoned cybersecurity experts.
Should the 2024 election swing in favor of Donald Trump, we’ll likely see a swift reshuffling of leadership at DHS and CISA. Mayorkas and Easterly could be replaced by Trump’s picks, rumored to be names like Joshua Steinman and Matthew Pottinger—individuals who align with a more hawkish approach to cybersecurity. This shift would likely bring a focus on practical cyber strategies rather than diversity quotas, and we might even see the revolutionary step of promoting people who know how to implement two-factor authentication.
Trump’s team would bring a more assertive approach, prioritizing defense against the increasingly aggressive cyber threats posed by countries like China, Russia, Iran, and North Korea. These are not your average hackers; they are state-sponsored Advanced Persistent Threat (APT) groups, armed with the resources and backing of hostile governments.
In a move to counter foreign espionage, the U.S. Department of Justice (DOJ) has recently rolled out new regulations aimed at limiting access to sensitive U.S. data for nations like China, Russia, and Iran. These new rules are designed to curb large-scale data exploitation, cyberattacks, and, of course, good old-fashioned blackmail. While this is a step in the right direction, we’re still dealing with major cyber threats that originate from state-backed APT groups in places like Moscow. These groups are orchestrating ransomware attacks from the comfort of government-approved operations.
Of course, the government isn’t the only target. Cybercriminals are also setting their sights on individuals and businesses, with LockBit ransomware leading the charge. This particular brand of ransomware has been wreaking havoc across industries, from healthcare to local governments, extorting millions and causing untold damage.
Additionally, there’s POWER Rat malware, a sneaky trojan horse infection designed to infiltrate systems and operate in the shadows. It’s a silent threat, lying in wait for the right moment to cause maximum disruption. Then we have CVE-2024-43573, a newly identified vulnerability that’s making waves in the cybersecurity world. This flaw, hidden within networks and waiting for the unwary IT department to neglect a crucial patch, poses a severe threat across numerous sectors.
While these cyber infections may not dominate the headlines every day, their effects are far-reaching, and they underscore just how much work we still have to do to protect our digital lives.
As we approach November 2024, it’s clear that the cybersecurity direction of the United States will largely depend on the election’s outcome. Will we stick with the DEI-driven hiring plan, hoping that a more diverse but potentially underqualified workforce can hold the line against state-backed cyber armies? Or will a Trump administration pivot to a more skill-based approach, focusing on hard cybersecurity strategies to fend off our increasingly sophisticated adversaries?
One thing is for sure: if we don’t get our act together soon, we won’t be leading the world in cybersecurity. Instead, we’ll be handing over control of the digital battlefield to our adversaries—one ransomware attack at a time.
As we close another Cybersecurity Awareness Month, it’s time to reflect on our vulnerabilities and take a hard look at the future of our cyber defenses. The hackers will always be a few steps ahead, but it’s on us to do everything we can to narrow that gap. Let’s just hope that by this time next year, we’ll be in a stronger, more secure place, both in our defenses and in the policies we enact to protect them.
Julio Rivera is a business and political strategist, cybersecurity researcher, founder of ItFunk.Org, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.
Join the conversation as a VIP Member