During the ongoing coronavirus pandemic, the United States and its vital functions – including hospitals and food supplies – are increasingly vulnerable to targeted attacks by nefarious threat actors. Experts and lawmakers alike are advocating for the Trump administration to take action to deter these attacks, many of which are orchestrated by anonymous adversaries.
We are already seeing cybercriminals exploit this global health emergency, from spreading disinformation campaigns to launching digital attacks to overwhelm computer networks at the U.S. Department of Health and Human Services (HHS). At this time, unfortunately, we do not know who targeted the HHS, which shows the need for identity attribution. In order to respond appropriately, we must first understand the identity and motives of the adversary to get a clear picture of the situation. Playing defensive whack-a-mole is no longer a viable option.
The warning also comes as huge portions of the nation's workers are suddenly working from home on unfamiliar or even un-vetted equipment, raising the likelihood of digital vulnerabilities that hackers could exploit. Sen. Angus King (I-Maine), the commission's other co-chair, warned that the virus “underlines our overall vulnerabilities [to cyberattacks] and the absolute unscrupulousness of our adversaries.” Attorney General William Barr has already warned there will be “severe” consequences if the HHS attack or disinformation campaign are traced to an adversary government. He has also urged the Justice Department to prioritize prosecuting any cyber criminals who seek to profit from the pandemic. But he hasn’t described any specific responses yet.