Hacking threats and cyber warfare are certainly not a new phenomenon. In fact, the past several years has seen a multitude of attacks against the US and other western nations initiated by countries like Russia and China. Last year, supply chain incidents against American entities Colonial Pipeline and JBS Foods clarified the potential threats facing the US and the rest of the world. Despite the dangers facing western nations, American cybersecurity, along with Canada and most of the western world, are thought to be severely lacking in manpower.
In the US, a shock report from the Washington Post claims that America is either just as vulnerable to hacking attacks or even more vulnerable today than five years ago. The reports of such a shortage of capable cybersecurity and IT professionals in America should be particularly concerning as the Department of Homeland Security (DHS), which is charged with overseeing the Cybersecurity and Infrastructure Security Agency (CISA) and is led by Director Alejandro Mayorkas, has been nothing short of pathetic, particularly in regard to its handling of the US-Mexico border.
Although many Americans may think that the dysfunction plaguing DHS would somehow affect the Cybersecurity and Infrastructure Security Agency (CISA), the agency, which has gone through many changes over the past year and a half, may have potentially helped keep America safer from cyber threats this year as opposed to 2021.
Among the many changes at CISA that may be contributing to what can possibly be called better results, as there hasn’t been a major infrastructure or supply chain hack at the level of the JBS Foods or Colonial Pipeline yet this year, include the installation of Jen Easterly as Director. That isn’t to say that there haven’t been largescale attacks that the general public may not be aware of, but newly proposed regulations in both Canada and America are aimed toward installing mandatory reporting requirements for private sector businesses that find themselves victimized by hacks.
In Canada, a recently proposed bill could force organizations in federally regulated industries to report hacks to the Canadian government’s Cyber Centre. The bill gives the government authority to audit private sector entities to ensure that they are complying with new laws. Should audited organizations or individuals fail an audit, they face administrative penalties of up to $1 million for individuals and $15 million for organizations.
Those found to not be in compliance may also face summary convictions or what is referred to as convictions on indictment. In addition, the organizations and individuals in these selected industries would also be forced into establishing new internal cyber programs intended to detect incidents and protect important cyber systems.
This move for Canada follows last month’s big news of a Huawei ban on Canadian 5G networks. Part of the reason that the bill is seen as key is that private sector organizations like cybersecurity certification group (ICS)2 are claiming that the global cyber workforce needed to grow by 65 % in 2022 to provide effective security.
In addition to the 5G Huawei ban, Canada’s Communications Security Establishment (CSE), announced earlier in June that it will expand a Security Review Program for telecom equipment and services to apply more broadly to Canada’s telecommunications networks and “consider risks from all key suppliers,”
Although there hasn’t been a major headline grabbing attack so far this year in either America or Canada, the threat of one is real, as earlier this week the Killnet hacking group claimed responsibility for cutting off as much as 70% of Lithuanian internet infrastructure from the rest of web in retaliation for the blockade of trade between Kaliningrad and Russia. Besides these “big-game” attacks and the attacks generally carried out by state-sponsored Advanced Persistent Threat Groups (APTs), the majority of cyberattacks globally still target individuals, as ransomware groups like the infamous STOP/DJVU family have produced hundreds of variants and have produced millions of dollars in ransoms from individual victims the past several years.
Ultimately, both the US and Canada must prioritize cyber threats, especially as cyber power Russia, which has limited options to attack western nations conventionally, isolates itself from the rest of the world as a result an increasingly unpopular war.
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by numerous websites and he is regularly seen on National and International news programming.