As the dynamics on the world stage get more complicated, our adversaries only get bolder in their attempts to bring the U.S. to its knees. And they aren’t relying on a traditional stratagem to do it. That’s why we must prepare for a new kind of warfare. The next global conflict won’t occur on the battlefield but in the “cyber field,” and we aren’t ready.
The last several years have shown us concerning developments in our adversaries’ approach to cybercrime. While reported cyber incidents decreased last year, our adversaries have grown more sophisticated in their approach. As we evolve our defenses, our adversaries evolve their tactics.
This is a game of one-upmanship and we’re losing.
For example, multi-extortion tactics—where an attacker exfiltrates data to extort a victim before their data is locked in a ransomware attack—occurred in about 70% of ransomware cases, compared to only 40% in mid-2021. Our adversaries’ ability to exploit the very technology Americans rely on day in and day out is extremely concerning.
Cyber criminals and malicious nation states do not distinguish between industries, business size, or geographical location. These attackers use domestic-based infrastructure to launch attacks on U.S. soil. Leveraging domestic cloud infrastructure, email providers, and other services, bad actors disguise themselves as legitimate network traffic to evade detection.
Preventing and disrupting these attacks will require enhanced public-private partnerships. In the 2018 National Cyber Strategy, the Trump administration called out this challenge and the need to address it. Meanwhile, the Biden administration continues to grapple with a response to this