Gongol.com Archives: August 2022
Immediately following the Russian invasion of Ukraine, the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security (which bills itself as "the nation's cyber defense agency") launched a public-facing campaign under the slogan "Shields Up. The intent of the campaign was to raise domestic awareness of the cybersecurity threat posed by Russian interests (and by other malicious actors) and to encourage private initiative to undertake preventive measures to secure against attack. ■ It has been remarked with some surprise that Russia hasn't had the level of success that observers feared in the cyber domain. That could reflect a practical failure to execute a bigger plan, a choice to focus elsewhere, a campaign that hasn't been fully activated yet, or something else altogether. ■ But it is a shame that the campaign has stagnated. CISA last tweeted the phrase "Shields Up" in May, which was also the time of the most recent bulletin under the campaign umbrella. Even if the threat seems more docile at the moment, the plain fact is that America is still largely asleep about the need for a sustained, consistent cybersecurity defense posture. ■ Maybe the metaphor itself is what needs reconsideration. "Shields Up" was an intentional reference to "Star Trek", but the spacefaring ships of that show didn't travel with their shields up all the time. Perhaps something different is needed to communicate the defensive behavior that needs to become the full-time expectation of the American public today. ■ What's needed is less a temporary countermeasure like raising the shields around the Enterprise, and more a permanent, sustained investment of time, resources, and expertise in fighting back against the encroachment of relentless threatening forces that approach from every angle. The metaphor that suits best may be the windmills of the Netherlands that work without rest to keep the lowlands dry. ■ Someone with Madison Avenue skills can come up with the catchy slogan, and should -- because whatever the disposition of the fight to defend Ukraine, bad actors are still going to come after America. There will not be a time to put the shields down, though there will undoubtedly be future needs to reintensify our defenses. ■ And just as it was awkward to eventually retire the color-coded national threat system instated after 9/11 (because the level was really never going back down), so too will it be problematic if anyone is seen backing down from warnings to take cybersecurity seriously. Like seat belts, air bags, and defensive driving, cybersecurity hygiene is an always-on condition.