In a 2014 report, the U.S. intelligence community listed cyberattacks as the top risk to the nation’s security. Cyber-risks were ranked as an even greater threat than terrorism or transnational organized crime.
Eric Pulse, a principal at Eide Bailly LLP in Sioux Falls, mentioned the assessment in oral and written testimony Sept. 3 at a U.S. Senate committee field hearing at Dakota State University in Madison, S.D.
“The severity and impact of cyberthreats have changed the landscape in which government, corporations, individuals and organizations of all industries, size and complexities operate,” Pulse told the Senate Committee on Commerce, Science, and Transportation, which is chaired by Sen. John Thune, R-S.D.
'Technology is advancing faster than our ability to secure it.' - Kevin Streff, DSU
Breaches of consumer data information have become common and are no longer simply an IT issue, Pulse said.
“The increase in frequency and sophistication of cyberattacks requires organizations to elevate the priority to C-suites and board rooms, and an overall cultural shift as it relates to cybersecurity,” Pulse said.
He was among six local and national experts on cybersecurity who testified at the field hearing, which attracted more than 200 observers to a packed classroom on the DSU campus. The other witnesses who submitted oral and written testimony were Josh Pauli and Kevin Streff of DSU’s faculty, Jeremy Epstein of the National Science Foundation, Kevin Stine of the National Institute of Standards and Technology, and Mark Shlanta, the CEO of SDN Communications in Sioux Falls.
DSU was a fitting site for the hearing because the school has nationally recognized programs in cyberoperations.
In addition to serving as a department chair at DSU, Streff is the founder and managing partner of two high-tech businesses: Secure Banking Solutions LLC and Helix Security LLC. He sees two major trends driving technology and security in the coming decade:
- The growth of the Internet of Things, or IoT, which is creating an environment in which objects, animals or people are provided unique identifiers and the ability to transfer data over a network without human-to-human or human-to-computer interaction.
- The proliferation of digital currencies, such as Bitcoin, which are creating a decentralized system for managing how societies exchange value.
“Put together with the Internet of Things, where 50 billion devices will be connected to the Internet by 2020, it is easy to see how digital currencies could be deployed as the backbone currency in the digital age,” Streff said.
All of those devices are potential targets.
Streff noted that 4.5 million small and medium-sized businesses in the United States are under heavy attack already, and most of them lack the skills and resources to combat cyberthreats.
“Technology is advancing faster than our ability to secure it,” he said.
Pauli, a professor of cybersecurity, offered some encouraging news.
“What we’re dealing with mostly is a people shortage. The good news is we have everything in place to fix that,” he said.
More students need to be encouraged to enter the field of cybersecurity at an earlier age, and financial help for college students should be expanded, he said.
Speakers also said businesses and individuals need to be more vigilant in protecting their electronic data.
Shlanta pointed out that, according to a 2014 IBM Security Services index, 95 percent of all security incidents involve human error. Steps such as limiting access to sensitive data and implementing a system of strong passwords can reduce risks. He compared good cybersecurity to good home security.
“It’s as simple as locking the front door,” he said. “Change the locks from time to time. Keep the bad guys out.”
Keeping the bad guys out also requires actions such as good employee training so, for example, employees don’t fall victim to phishing schemes, speakers said.
Pulse noted how the terrorist attack on the United States on Sept. 11, 2001, dramatically changed air travel. Restrictions were quickly added on air travel to keep Americans safer.
Despite the steady stream of attacks on civilian, business and government computing systems, the nation has not made a similar cultural shift to protect electronic information.
“We are still nonchalant with our sensitive data,” he said.
Thune said the hearing would help shine a light on the important issue of cybersecurity.
“We likely won’t ever find one silver-bullet solution or set of solutions to cybersecurity vulnerabilities, but we can continue to improve our ability to manage and mitigate cyber-risks,” he said.
SDN, a premier regional provider of broadband connectivity, is among the private companies that provide products and services that help businesses and institutions protect themselves from cyberattacks. Visit the SDN Communications website to learn more about the company.