U.S. Hustles Stronger Defense Against Worsening Cyberattacks

By Matthew Casey
Published: Monday, April 12, 2021 - 5:05am
Updated: Monday, April 12, 2021 - 8:16am

Audio icon Download mp3 (5.75 MB)

National Guard Cyber Shield 20
Master Sgt. Becky Vanshur/U.S. National Guard
Soldiers participate in the National Guard’s Cyber Shield 20 exercise in September 2020.

Think about your to-do list today and how much it relies on our elaborate cyber-universe.

You need it to work from home, to pay credit at Starbucks, and for your smart speaker to obey when you say play KJZZ.

Even a sprinkler-system like the one at Grand Canyon University could run off the internet, which means it can also be hacked.

Prof. Dwight Farris teaches cybersecurity, cyberlaw, cyberwarfare and other IT courses at GCU. He also gives expert advice to organizations hit by cyberattacks.

“And I always talk about proactivity. That’s probably the hardest thing to do in cyber,” he said.

Dwight Farris
Matthew Casey/KJZZ
Dwight Farris.

The state’s equivalent to a fire engine for responding to cyberattacks has been called to action in Arizona seven times since 2019, said the National Guard.

Hackers have launched major offensives in Arizona that the public does not know about, said Farris. With nearly everything connected, once they breach a system, hackers can stealthily move around. His gut tells him they aspire to a bigger target.

“And these were just tests, to be honest. These were just probing. ‘Let’s see how far we can go,’” Farris said.

He thinks this is also true for when the Arizona National Guard has had to send out the emergency response cyber task force.

“Because one, I know they have gone out more than seven times,” Farris said.

Hacker menace is not just a danger in Arizona. The Homeland Security secretary recently warned that cyberattacks are on the verge of life-threatening. He said the United States must build a diverse workforce of digital-defenders and change our mindset on cybersecurity.

Alejandro Mayorkas
U.S Department of Homeland Security
Alejandro Mayorkas in March 2021.

“Bold and immediate innovations, wide-scale investments, and raising the bar of essential cyber hygiene are urgently needed to improve our cyber defenses,” said Sec. Alejandro Mayorkas during a recent webcast.

Mayorkas thanked Congress for new power to be proactive on cybersecurity. He outlined a half-dozen short-term goals. Like improving infrastructure defenses and fighting ransomware.  

“A particularly egregious type of malicious cyber activity that usually does not discriminate whom it targets,” he said.

Another of the secretary’s short-term objectives is to mix diversity, equity and inclusion into recruiting and training the most talented people as cyber defenders.

“It requires equal access to professional development opportunities to fill the current half-million cyber vacancies across our country,” Mayorkas said.

Arizona is home to roughly 15,000 of those job openings, according to Cyber Seek.

One firm competing to hire people with skills to do the work is Datashield at Skysong Center in Scottsdale.

The company sells proactive-cyberthreat hunting, detection and response to businesses and government clients. David Norlin is the chief information security officer at Datashield. He’s a history buff, who wanted to be an intelligence officer. The Air Force had other plans.

David Norlin
Matthew Casey/KJZZ
David Norlin.

“I was the guy jumping in and out of hangars, annoying people. Being that guy that said, ‘Hey, I need to look at your computer,’” Norlin said.

The frequency at which the Arizona National Guard’s emergency cyber team has been needed since 2019 suggests many other attacks go unreported, said Norlin.

“Especially with everybody working from home, it's easier than ever to get at an organization,” he said.

Hyperbole is not Norlin’s style. But he said data unfortunately shows a rise in the scope and size of cyberattacks.

“I think we will maybe hit a critical mass when some major fundamental service that is a part of our everyday lives comes to a grinding halt.”

This could be an online service like Gmail.

Seizing control of traffic signals may be another target, said Farris at GCU. Action by the U.S. to build a labor force that can protect them is the right strategy, he said. But the U.S. already trails other countries, and it might be too late to figure out what's needed to stop an act of cyber-terror.

“The whole concept of hacking is not immediate or instantaneous. I mean, this could be something that has been researched for years,” Farris said.

To become a hacker now, one just needs curiosity, said Farris. Curiosity is also required for cyber-defenders to build a proactive security culture, out-learn and out-think an enemy who already knows the script of counter-moves.

Farris has taught curious students before.

The state and nation need more of them inside his classroom.

More Stories From KJZZ

Education Science