Everything we do is online. If you’ve been the victim of identity theft or an email phishing scam, you know how quickly your personal data can be stolen or threatened.
It’s important to know the difference between types of cyber threats and the right approach to fighting them.
There are three tiers of cyber threats, as explained by Heritage experts Steven Bucci, Paul Rosenzweig, and David Inserra:
1. Cyber crime. Cyber crime hits many Americans in the form of identity theft, phishing, or cyber vandalism. In 2006, the Government Accountability Office estimated that cyber identity theft cost U.S. citizens and companies almost $50 billion, and the threat has only grown since then. These crimes are usually committed by individual criminals, so-called hacktivists, or criminal organizations, and represent the most common form of cyber threat.
2. Cyber espionage. Espionage pursues large, important targets, such as military blueprints or proprietary business plans, and is often state-sponsored. China, for instance, is a known bad actor in cyberspace. The Chinese not only allow and sponsor hackers, but have entire military and government units dedicated to stealing data from governments and private companies. China has been engaged in a prolonged campaign of stealing U.S. intellectual property and military secrets. Together with other hackers and cyber operations, China has stolen billions, if not trillions of dollars in U.S. intellectual property, not to mention compromising U.S. national security secrets.
3. Cyber warfare. While cyber crime and espionage are serious problems, the U.S. also faces a threat from cyber warfare. Taking down communications, transportation, or other critical systems would severely impair the U.S. response to a physical attack, increasing the damage sustained. While such an event is “unlikely” according to Director of National Intelligence James Clapper, the U.S. must prepare for these threats, since terrorists or isolated states are likely to use such attacks as they gain the capabilities to do so.
Across all three tiers, poor information sharing is one of the main problems—and in this case, the government could offer protection, rather than regulating. Heritage experts recommend that “entities that share information about cyber threats, vulnerabilities, and breaches should have legal protection. The fact that they shared data about an attack, or even a complete breach, with the authorities should never open them up to legal action.”
The government hasn’t meaningfully addressed these problems—and it can’t solve them by regulation. Think about Obamacare: The law passed in 2010, yet we are just now seeing tens of thousands of pages of regulations being written. If cybersecurity regulations were created the same way, online threats would have changed many times by the time the regulations went into effect.
President Obama was dissatisfied with Congress’s lack of action last year, so he went around them with an executive order favoring a regulatory approach to cybersecurity. This was the wrong way to go, but Congress can still help.
To learn more about what Congress can and should do to protect Americans online, read the full report: A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace
Read the Morning Bell and more en español every day at Heritage Libertad.
- “Three members of the military, two US civilians and an Afghan doctor died after being hit by an explosion while travelling to donate books to a school” in Afghanistan, reports Sky News.
- The “Gang of Eight” may come out with its immigration bill this week.
- CNN may bring back its debate show “Crossfire” in June.
- Who is Kim Jong-un, North Korea’s mysterious leader? Watch this ABC News report featuring Heritage expert Bruce Klingner.
- We’re embarking on a project to improve Heritage's blog, The Foundry. We’d like to get your feedback on what you like—or don’t.Take our short, anonymous survey.