The United States faces a relentless wave of cyber attacks, with an incident occurring every 39 seconds. The Internet Crime Complaint Center reported that in 2022, these breaches inflicted a financial toll of $10 billion. Digital breaches not only risk the exposure of sensitive personal information of millions of Americans but also threaten to disrupt essential national services.
Addressing the cyber threat from China
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency (CISA), highlighted the evolving threat from China.
“We’ve long been focused on the cyber threat from China,” Easterly said on Jan. 31. “But as you’ve heard in recent years we have seen a deeply concerning evolution in Chinese targeting of U.S. critical infrastructure. In particular, we have seen the Chinese cyber actors including those known as Volt Typhoon burrowing deep into the critical infrastructure to enable destructive attacks in the event of a major crisis for conflict.”
In January, the FBI announced it shut down an attempt by the Chinese hacking group to infiltrate U.S. infrastructure through outdated internet routers. FBI Director Christopher Wray called Volt Typhoon “the defining threat of our generation.”
Nebraska’s legislative efforts in cybersecurity
Nebraska state Sen. Loren Lippincott, R, emphasized the need for proactive measures in cybersecurity.
“Cybersecurity is certainly an issue that we need to talk about,” Lippincott said. “And unfortunately, in politics, I have found that we tend to be reactive instead of proactive.”
He also said nearly 70% of all public sector entities faced ransomware attacks in 2023. Now, Lippincott is spearheading two critical legislative efforts aimed at strengthening Nebraska’s cybersecurity framework.
The first bill seeks to upgrade the state’s cyber defenses with the latest tools and software. The second bill proposes a bold move to recruit ethical, white-hat hackers.
“You want the hackers to try to break into our system and find out where the leaks, where the holes are in the dike,” Lippincott said. “We’re looking for vulnerabilities. And the only way we can know where our vulnerabilities are is if we are tested and it’s wise to test before we get attacked.”
Cybersecurity breaches have exposed the medical records of hundreds of thousands of Nebraskans, leading to multimillion-dollar settlements from some of the state’s leading health care providers. Lippincott emphasized that having security measures isn’t enough; consistent testing of cybersecurity systems is crucial.
He was inspired by his nephew, who worked in the private sector as an ethical hacker.
“If an organization is responsible for securing sensitive data of any kind, they must think like the enemy and be able to defend themselves from those enemies,” Lippincott said. “Of course, defensive security is definitely important, but organizations also need to have offensive security as well.”
Lippincott likened it to the military’s Red Team vs. Blue Team drills. The Red Team pretends to be the enemy, and in the cyber space, the Red Team wears white.