Placeholder Image

Subtitles section Play video

  • Cyberattacks seem to be really having a moment.

  • Take the U.S., for example: the FBI has reported 4,000 attacks a day since the COVID pandemic began, and there's no sign of things slowing down.

  • But how exactly did we get to this point, and how can cybersecurity help us get out of this mess?

  • The infrastructure that we use every single day, in our houses, in our cars, in our workplaces, and generally in the country as a whole, is full of computing systems.

  • Anything that prevents us from getting those things done, or in some way makes that computing infrastructure create a negative event, you know, we could consider that to be a threat.

  • Basically, cybersecurity refers to the practices, technologies, and processes designed to keep all of those threats at bay.

  • And these threats have evolved a LOT since the 1950s, back when Steve Jobs was hacking phones to make free long-distance calls.

  • A watershed moment for the world of cyberthreats came in 2010 with the discovery of STUXNET, the world's first digital weapon.

  • It was found targeting Iran's nuclear facilities, and in the process, proved that cyberattacks could have devastating consequences beyond the digital realm.

  • That kind of cyber-physical environment is really quite a modern phenomena in the last few decades, and so securing that environment is really what cybersecurity is all about.

  • Computers today are more complex than ever, as are the types of threats they face.

  • The more we ask our computers to do, open an email, visit a webpage, join a network, the more potential points of attack emerge.

  • To exploit these vulnerabilities, hackers have countless tools up their sleeves.

  • Create computer viruses, send out fraudulent emails, or flood a server with requests until it becomes totally unresponsive.

  • This ever-shifting threat landscape is of particular concern for governments and other organizations that use computers to deal with sensitive data and networks, like, say, the ones used to manage our power grids.

  • But it's not always easy to tell what's going on.

  • So, if we're talking about a very low competence, crude attack, there will be sort of digital fingerprints if you like, that will show you very quickly that actually something deliberate has been done here.

  • However, for more sophisticated attackers, if they want to hide their tracks a little bit, then the real problem with cybersecurity is that, that's possible to do.

  • And that's the kind of thing that you see in national level cyber attacks and defense postures.

  • And nowhere have we seen these concerns materialize so dramatically as in the U.S.

  • For years, experts have warned that if the U.S. government didn't change its behaviors, the fallout from cyberattacks would only get worse. But our ability to pivot hasn't kept pace.

  • For one, many U.S. federal agencies still rely heavily onlegacy systemsaka old, which are not only costly to maintain but also super vulnerable to hackers because of their outdated code and architecture.

  • That's not to say the government hasn't invested in new technology, notably, EINSTEIN, with the first version coming onto the scene in 2003.

  • This machine learning tool is used by nearly every federal agency to detect suspicious activity and identify potential attacks.

  • But even EINSTEIN has its limitations, because it's only one tool in our many layers of defense.

  • Because cybersecurity is such a big job, the government outsources a lot of its needs to 3rd party providers, like SolarWinds.

  • But when the company got hacked in 2020, EINSTEIN failed to detect the intrusion.

  • It wasn't until after that programmers introduced signatures of the SolarWinds attack to EINSTEIN's system, so that it could learn to do better next time.

  • This so-called "penetrate-and-patch" approach to cybersecurity is sort of like patching up an old pair of jeans.

  • The more patches you sew onto them, the more embarrassing they look and the less they function like actual jeans.

  • Patching introduces risk, and also makes it so that we're constantly working to fix the mess that cyber threats leave behind.

  • And these messes are expensive. Losses from cybercrime now total over $1 trillion globally.

  • Clearly, something's gotta change.

  • One approach that's gaining traction is to implement zero-trust architecture.

  • Basically, this means every user in a system must be authenticated on a continual basis, no matter if they're operating from inside the organization or not.

  • As part of a recent executive order by President Biden to modernize the government's cybersecurity, this zero-trust model will now be required.

  • Another emerging solution is called secure by design.

  • Its basic approach is to bake security into the design of computer hardware and software.

  • So, every step of the way, as you're developing that product, the security is a core feature of it.

  • So that by the time you get to the end, there's no bolting on.

  • One core tenant of this approach is to keep the system's architecture simple, so that the risk of design error is kept low.

  • But this approach can't always react to new vulnerabilities, which is why developing cyber resilience is so important.

  • The idea is that by employing certain strategies, like automatically backing up your data, blocking threats before they infiltrate your network, and training a system's users to identify problems before they arise,

  • we'll be prepared whenever a cyber attack does hit.

  • Because at the end of the day, we're all playing a role in our cyber infrastructure.

  • So we should all be aware of the vulnerabilities out there and keep pressuring our government representatives to take them more seriously too.

  • It's easy to think about cyber as just being about computers, but it's actually about human beings working with computational systems, right?

  • So we're all involved in it. So we should all be conscious of it, and understand how we use that infrastructure and maybe what the vulnerabilities are that we might face.

  • You may remember me saying that Steve Jobs used to hack phones.

  • He was part of a group called the phreaks, spelled ph-, for phone, who reverse-engineered the tones used by telecom companies to route long-distance calls.

  • Ah, the early days of hacking culture.

  • But if you want to learn more about hacking today, check out this video on the 2020 cyberattack that took out SolarWinds.

  • Let us know if there's anything else you want us to cover.

  • Be sure to subscribe, and as always, thank you so much for watching. I'll see you next time on Seeker.

Cyberattacks seem to be really having a moment.

Subtitles and vocabulary

Operation of videos Adjust the video here to display the subtitles

B1 cybersecurity cyber einstein infrastructure approach hacking

Why Isn’t U.S. Cybersecurity Infrastructure Good Enough?

  • 1599 75
    Summer posted on 2021/10/11
Video vocabulary