Data security: who is responsible for protecting cyber America?

US cybersecurity is more fragmented than it might seem, with state and federal governments having their own responsibilities, while private companies also have to work on their own infrastructure.

“We know that other nation-states — China, Russia, Iran, and North Korea — are following us in cyberspace,” Jameel Jaffer, founder and executive director of the National Security Institute at George Mason University School of Law, told Fox News. Digital.

“Usually we expect the government to defend itself against such attacks. If a Russian bomber appears on the horizon, no one says, “Hey, you know, Walmart or Target, why didn’t you have surface-to-air missiles in place?” the roof of your house, to defend against this Russian bear bomber?

“Of course we don’t expect [in cybersecurity]he continued. “We expect Walmart, Target, JPMorgan, a small family business in the center of the country to protect themselves from any cyberattack, whether it be someone in their basement, the Chinese nation-state or Russia. state of the nation.”

FROM PHISHING TO PROPAGANDA: HOW RUSSIA AND NATIONAL OUTSIDE USE CYBER POWER AGAINST THE USA

This photo illustration shows a warning message in Ukrainian, Russian and Polish on a smartphone screen and in the background in Ukraine on January 14, 2022.
(Photo illustration by Pavel Gonchar/SOPA Images/LightRocket via Getty Images)

This inverted relationship exists in part because the private sector owns and controls Internet access in the United States, although it has become an important factor in warfare. In the months leading up to the Russian invasion of Ukraine, military experts told Fox News that Digital’s cyberattacks would serve as a major indicator that an invasion was about to happen.

Describing what a Chinese invasion of Taiwan would look like, experts usually cite a cyberattack as the main indicator that Beijing will make a move.

SINGER BILLIE EILIS DOXXED BY CRIME APP: HOW TO AVOID THE SAME FATE

However, US cybersecurity is divided into three parts: the federal government, through the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security; state governments; and private companies.

“In general, cybersecurity policy has been quite progressive and bipartisan,” Jaffer told Fox News Digital. “It varies from member to member in Congress, but at the end of the day…we rely on them to get the right incentives.

This illustrative photo taken in Krakow, Poland on August 17, 2021 shows a hand on a keyboard with binary code displayed on a laptop screen.
(Jakub Porzycki/NurPhoto via Getty Images)

“We need to give them better incentives and not punish the industry with excessive regulations or excessive lawsuits and liability,” Jaffer said. “I think it might make us less cyber-secure.”

In a recent study, Proxyrack, a proxy provider website, conducted a survey in each state to determine which were most at risk of cyberattacks, based on the number of victims of cybercrime per 100,000 people. According to the survey, Nevada, Iowa, Alaska, Delaware, Florida, Maryland, Colorado, Washington, Arizona, and California are among the ten most vulnerable countries, showing little consistency based on region, political views, or factors other than simple investments in cybersecurity.

ARE YOUR OWN DEVICES UNINTENDEDLY SPOKENING YOU?

Phishing (email scam), vishing (phone scam), smishing (text scam), and pharming to redirect internet traffic to scam websites are the most common crimes, with just under 324,000 people affected in 2021 . Another 82,500 people were affected by non-payment scams, and about 52,000 more were affected by identity leaks.

California alone is reported to have lost $1.23 billion to cybercrime and fraud, while Texas, New York, and Florida lost over half a billion dollars to these same crimes in the same year.

A Homeland Security vehicle at the end of the day in Lower Manhattan on October 5, 2016.
(iStock)

“Despite the fact that there is a federal Department of Energy and the Federal Energy Regulatory Commission, we usually think that electricity, water and the like are the responsibility of the state,” Jaffer said. “I think you will see states do a lot more in this area and work with their populations and also respond to emergencies. If something goes wrong, as if you were during a hurricane or another earthquake or other natural disaster.

“States come first, the federal government comes later. And that’s probably where you’re probably going to see states play a role in cyberspace in cyberspace,” he said.

BEST PASSWORD MANAGERS OF 2023 VERIFIED BY EXPERTS

Jaffer stressed that private and public operators are only dealing with part of the picture as the federal government tightly controls information about threats from foreign players such as Russia, China, Iran and North Korea. Countries such as Iran and North Korea have greatly improved their cyber literacy over the past decade.

North Korea, in particular, has improved its capabilities and focused on fraud and other cyber operations that would allow it to get as much wealth as possible without sanctions.

The federal government has assumed the role of intermediary and supporter rather than leader in these areas. CISA regularly reviews various industries and government requirements and deficiencies to help them strengthen and improve their infrastructure.

“The primary role of the federal government, including through the CISA, in the Department of Homeland Security, within this national security role, is to provide both state and local governments, as well as private companies, with services, advice and information, to help keep them safe. their networks, help them understand threats, help them prioritize risk,” Eric Goldstein, CISA’s executive assistant director of cybersecurity, told Fox News Digital.

Joseph A. Blount Jr., President and CEO of Colonial Pipeline, testifies during a Senate Homeland Security and Governmental Affairs Committee hearing on the Colonial Pipeline cyberattack on Capitol Hill, June 8, 2021, in Washington, DC.
(Graham Jennings/Pool/Getty Images)

“We provide newsletters, we share information, and so our role is to really support the operators of these critical systems, whether they be state government or the private sector,” he added.

Goldstein acknowledged that this burden of responsibility placed on state governments could lead to “great diversity, especially among local governments, depending on their level of resources or their cybersecurity maturity.” But there are resources that can enable states and local governments to achieve “a common baseline, including the recently published CISA Cybersecurity Performance Goals.”

CISA aims to “help fill these gaps and raise the bar so that we achieve a higher baseline and greater uniformity of practice across the country,” he said.

CLICK HERE TO GET THE FOX NEWS APP

It remains to be seen whether various parts of the US cybersecurity apparatus can achieve this kind of efficiency and literacy, but CISA is trying to help “all sectors work together continuously on cyber threats.”

“I think it’s widely accepted at this point that every network is at risk and no single organization can protect its networks alone. Therefore, we must cooperate across all levels of government and with the private sector if we are to succeed. ” Goldstein said.