In our increasingly cyber world maintaining the security of computer systems has never been more critical. In the past few years, it is increasingly evident that supporting an active defense of our computer infrastructure is as challenging as it is vital. Security breaches from North Korea, Russia, and China, as well as leaks caused by private individuals, have become more common.
This past January we learned about a new way your computer can be attacked through a series of significant security risks inherent to microprocessors. These vulnerabilities known as Spectre and Meltdown were discovered by several different researchers last summer who immediately began working with manufacturers to patch the issue as much as possible. What makes these vulnerabilities different from the dozens of other hacks, leaks and breaches is that they represent a new form of risk that might become all the more common in the years to come.
The problem was in the computer’s hardware, not the software, and it exists in all microprocessors manufactured in the last two decades. Making changes to hardware on large-scale requires a considerable effort between dozens of companies and governments alike, and in some cases, patches won’t be possible.
Spectre and Meltdown are likely just the first of a new arena of cyber-vulnerabilities. The flaw in the design of microprocessors allowed malicious software to gain entry into private computer systems by exploiting the processor’s speed. To fix the issue long-term might inadvertently affect the performance.
There are also other hardware vulnerabilities that are even harder for the computer industry to defend. We live in a world of computers, and sometimes the cheaper products that we allow on our networks make everything more vulnerable. Machines like DVRs, external webcams, networked appliances, and the dozens of different Bluetooth devices in every home create opportunities for hackers to gain access to our private information. The hardware in these machines often can’t be patched without entirely replacing the device.
In at least one case the sheer volume of attacks led the large Chinese telecommunications company, Telecom, to overhaul its entire cyber investigations team. Other companies are changing how they manage assaults by bringing more and more functions in-house to have around the clock defenses.
However, it’s not just major companies making changes. The US is increasing global cooperation with computer security in one area in particular. In May the State Department doubled the budget of the U.S. assistance programs for Ukraine cyber defense. The new funding will no doubt help Kiev combat the continued threat from Russia. Our ability to defend Ukrainian infrastructure will undoubtedly determine how well we can protect American interests from similar attacks. The Foundation for Defense of Democracies talked in detail about how this new relationship between the Ukraine and the US can benefit both nations. Click to learn more about FDD. Click here to read more about FDD’s CEO, Mark Dubowitz.
The U.S. could promote greater strength for Ukraine’s cyber network by encouraging the country’s membership in NATO’s Cooperative Cyber Defense Centre of Excellence (CCDCOE). The centre is known for its annual cyber defense exercise, “Locked Shields” and is open to non-member partners of NATO such as Austria, Finland, and Sweden. Participating in the NATO exercises would provide the U.S.-Ukraine alliance defense group an opportunity to test its security strategy and response plan, find areas where the program has failed, and work with partners to strengthen its cyber defenses in a simulated environment.
However, the most important reason for America to help Ukraine maintain its cybersecurity is that Russia can use their actions there as a proving ground to test America’s readiness to respond to cyber attacks. If our efforts fall short, then Russian cyber attacks on American systems will likely escalate.