Our Response to the SolarWinds Hack – A Global Cyber Pledge

• Why should I take the #globalcyberpledge?
• How we’re solving cybersecurity by individuals coming together and getting educated?
• What is the need for continuous improvement?

Our privacy and freedom are under attack by foreign, state-sponsored bad actors and we’re standing by letting it happen. Why? Because the answers are right in front of us yet we remain complacent. Back in 2015, Ginni Rometty, IBM Corp.’s Chairman, President and CEO said at IBM’s Security Summit, “cyber crime…is the greatest threat to every profession, every industry, every company in the world.” Kronis found that 64% of Americans in 2020 don’t know what to do after a data breach let alone best practices on how to prevent one. So why haven’t we learned from this?

Technology not only consumes our professional lives, but our children are being brought up in a new digital world which spans every aspect of their lives from smart homes to online education yet our schools and academic institutions often lack basic cybersecurity awareness training and education. By coming together and spreading cyber literacy, starting with our youth and informing our family and friends, we’re able to have a stronger and more secure, unified front. Cybersecurity will become common knowledge because it’ll be less daunting and more mainstream. Those pesky phishing emails will cease to flood inboxes because bad actors will realize that these tactics will no longer work, wouldn’t that be nice?

This isn’t a one-off effort, but a continuous flow of information. As cyber attacks become more complex, our ability to stop them will become stronger with the consistent flow of wisdom.

The #globalcyberpledge:

I pledge to continuously educate myself and the people in my community in matters of cybersecurity, to improve my own cyber hygiene, and resilience against cyberwarfare as part of an interconnected global society.

SolarWinds Hack: My Perspective

As someone who’s been in information technology and cybersecurity for over 25 years, I agree, the widely reported SolarWinds breach is the most damaging cyber-attack on the United States in history. Microsoft recently reported they were affected. The list of core governmental departments attacked is growing by the minute with the Pentagon, the Treasury Department, the National Security Agency, CISA, Homeland Security and National Institute of Health to name a few, but this just the beginning. SolarWinds’ compromise is extensive, with a client list toping 300,000, what we’re seeing now is just the tip of the spear – a sophisticated, multi-vector attack paving the way for a new series of relentless attacks that thrust deep into the very core of our nation and threaten our democracy. But this story is far from new.

This has been going on for decades and we have fallen asleep at the wheel while they have been sharpening their swords. Whether due to politics, fatigue, complacency, or substandard education, it’s clear that we are currently outgunned. Our enemy has boundless resources, no moral compass to consult, and a disregard for human life that confounds us.

Cyber-security professionals often say that a cyber “cold war” between the US and state-sponsored threat actors in Russia, China, North Korea and other adversaries has been underway for some time. An attack on a US power grid last year showed attackers could breach firewalls and obscure access to critical controls and communications. Ransomware attacks on hospitals, large companies and the government sector are increasingly commonplace, especially as our country still deals with the impact of COVID-19.

This is not a cold war – this is a hot war and it cries out for the attention of every American.

Microsoft just flexed their muscles with four quick blows that helped to minimize the attacker’s reach and, still, the threat lives on. Microsoft can’t do this all on their own. They’ve built an incredible open-source architecture which has afforded the tech community innumerable benefits for years, from business productivity tools to powerful databases and critical network management software. With 88.6% of all PCs globally, they impact every corner of innovation, but the bigger you are, the bigger the target and the greater the diffusion of responsibility when problems arise. It’s fantastic that they are stepping up their response as our ‘IT Marines’ and they need a steady, relentless surge coming behind them.

“Do not repeat the tactics which have gained you one victory, but let your methods be regulated by the infinite variety of circumstances.” – Sun Tzu, The Art of War

How can we win if we all abdicate responsibility and expect Microsoft to do this alone?

This is why aiden and a variety of next-gen cybersecurity focused startups are leading the charge in bringing new technology to market to solve common and fundamental challenges with computers.

Will you stand with us?

When Pearl Harbor happened, we did not sit around waiting for big companies like Microsoft to unleash their “Death Star” on the enemy. Every man, woman and child picked up a tool or learned a new skill and we banded together as Americans to fight our common enemy. Those ‘first responders’ did their work quickly and our adversaries completely underestimated our ingenuity and resolve.

Now is the time. The threat of cyberwarfare isn’t going away so here’s our chance to lock arms and say enough is enough. Americans must stop saying that we don’t understand cybersecurity and take action. With the abundance of free resources out there, there’s no excuse. It’s time for us to stop clicking on risky links, opening malicious emails, or engaging in other irresponsible behaviors that exacerbate the problem. Our level of fervor for our constitutional rights should only be multiplied in our attention to establishing a cyber beachhead and pushing back our enemy.

While politics is dominating the headlines, this enemy is not concerned with what party we’re in or where we’ve immigrated from, instead they’re all about an orchestrated and vicious attack on our very way of life in the US – our freedom and rights to privacy, security, and quiet enjoyment.

“The remediation effort alone will be staggering.” – Thomas P. Bossert

If we band together in a unified offensive, share wisdom with our neighbors, and get educated on cybersecurity best-practices, we will embrace new technologies at home. Let’s lift each other up and strengthen our guard. Let’s encourage companies that are bringing new technologies to market to protect our sensitive information. We are not suggesting that there isn’t work to be done in transparency and accountability across corporations, but we can’t allow the faults in any one company to stop innovation.

As a tech leader, I’m not saying that you must buy our technology to win this war, I’m saying that we must come together, arm ourselves with the most innovative technology that’s available to stop our recent history from repeating itself. Our enemies have figured out how to do this and we can’t just standby, letting others fight the war for us.

Not feeling up to the challenge?

Rosie didn’t know anything about riveting when she first started, but she stepped up to the plate, rolled up her sleeves and started making airplanes; and those suckers flew…better yet we won the war, so what’s our excuse?

“In the midst of chaos, there is also opportunity.” – Sun Tzu

Take the #globalcyberpledge: I pledge to continuously educate myself and the people in my community in matters of cybersecurity, to improve my own cyber hygiene and resilience against cyberwarfare as part of an interconnected global society.