Password

2021 started off with a cybersecurity boom: The White House officially blamed Russia for the SolarWinds hack, where its foreign intelligence service compromised a software supply chain to spy on thousands of targets, from Microsoft and FireEye to the U.S. Departments of Commerce and Homeland Security. In April, the stolen data of 533 million Facebook users was leaked online. And in May, the Colonial Pipeline — a privately operated pipeline providing about 45% of the East Coast's fuel — was rendered nonfunctional due to a ransomware attack.

These recent incidents affecting U.S. government agencies, businesses, and citizens have only underscored the urgency of cybersecurity. Data breaches continue to strike banks and hospitals, government records offices, and social media firms. Criminals deploy ransomware attacks with increasing frequency, encrypting organizations’ data and holding it hostage. All the while, nation-states are developing more sophisticated cyber intrusion capabilities as many sectors continue to underinvest in protecting their systems and data.

The COVID-19 pandemic has only increased Americans' internet use and dependency, with remote work, schooling, health care visits, and social interactions taking place online more than ever before. The Biden administration has made cybersecurity a priority, from a recent summit with Russian President Vladimir Putin, to newly established White House positions, to a May executive order calling for the federal government to improve its efforts to “identify, deter, protect against, detect, and respond to these actions and actors.”

Within this national landscape, Virginia continues to expand its cybersecurity sector and cement its role in fostering next-generation cybersecurity talent, techniques, and technologies. The more digitized the country — and the more digitally dependent its population — the more important this leadership becomes.

With Great Connectivity Comes Great Risk

The cyber threat landscape is becoming more complex due to more widely deployed technologies, new attack vectors, and ever-more-sophisticated threat actors. One of the most significant cyber revolutions is the internet of things (IoT) — internet-connected devices, typically with less computing and battery power than a standard computer, deployed in everything from toasters to electrical grids. These IoT systems are increasingly entering not just houses and cars, but also public squares, government buildings, and private sector workplaces.

U.S. Internet of Things Spending

Across the country, Americans are joining the IoT fray: market analytics firm Statista places 2020 U.S. IoT spending at nearly $750 billion. That figure appears to be predominantly consumer- and private sector-driven; Gartner estimates that the U.S. government spent $15 billion in 2020 on IoT devices, for applications ranging from street lighting, to police surveillance, to toll management. According to Deloitte’s 2021 Connectivity and Mobile Trends Survey, 66% of American households now have smart devices.

By all accounts, connecting everything to the internet is hardly a fad. The market research firm IDC predicts that global IoT spending will have a compound annual growth rate of 11.3% over the 2020–2024 period, translating into trillions more to be spent on these technologies.

With each new connection, however, comes increased security risk. IoT devices link previously offline or non-internet-connected systems to the global web, making it possible for hackers to now target those devices from anywhere in the world. Compounding this problem is the often-poor security baked into these devices from the outset: weak encryption, easily guessable default passwords, and other major security issues.

Citizens and consumers will feel these harms personally. Hijacked thermostats and smart fridges could malfunction and make it impossible to use home appliances. Hacks of connected insulin pumps and heart monitors only increase the potential for cyberattacks to cause real-world physical harm. Information collected by these devices contributes to future data breach risks as well. This is the motivation behind Virginia’s new statewide IoT cybersecurity contest open to college faculty, graduate students, and undergrads: designing new cybersecurity protections for connected devices. The Commonwealth Cyber Initiative also funds research projects dealing with security for these devices.

Yet these changes, and risks, are not confined to the home. Industrial and manufacturing facilities — from energy grids and oil pipelines to vehicle factories and water treatment plants — are digitizing their business functions, too. In the process, many so-called industrial internet of things (IIoT) devices link these physical systems directly to the internet. Market research firm Juniper Research, for instance, predicted that IIoT connections would rise from 17.7 billion in 2020 to 36.8 billion in 2025, representing a massive public and private investment in this technology.

Connecting industrial systems online is compelling to businesses. The operator of a water treatment plant can get real-time data from chemical sensors; safety personnel on a factory floor can remotely deactivate machinery from their devices. Digitizing old, clunky industrial systems promises cost reduction for companies alongside potential gains in safety and system control. More connectivity brings more risk, and a rapidly growing market offers protections for these systems that manipulate the physical world.

Industrial Internet of Things Connections

Shifting Threat Vectors

Newfound connectivity is not the only problem facing digitally connected citizens, businesses, and government agencies. Cybercriminals’ growing use of ransomware — which infects computers, encrypts data, and holds it hostage until victims fork over cryptocurrency ransom — is likewise shifting the cybersecurity landscape.

The nonprofit Institute for Security & Technology’s Ransomware Task Force wrote in its April 2021 report that ransomware “has disproportionately impacted the healthcare industry during the COVID pandemic, and has shut down schools, hospitals, police stations, city governments, and U.S. military facilities.” The East Coast’s major fuel pipeline, the Colonial Pipeline, was struck by a ransomware attack earlier this year, after which Virginia declared a state of emergency. Fairfax County Public Schools, Virginia’s largest public school system, was itself hit with a ransomware attack in the fall of 2020.

Taking advantage of outdated, possibly unpatched systems is a serious problem as well. “Advanced persistent threats are using not only novel new techniques, but also older exploits that can prey on outdated technology to exploit public and private sector networks,” said Adam Maruyama, manager, customer success and federal practice lead for the Cortex Xpanse platform at Palo Alto Networks in Arlington.

Tracking and Responding to Cyber Threats

Business and government agencies increasingly need to track and respond to these cyber threats. It’s why threat intelligence, network defense, and incident response needs have driven a rapidly expanding national cybersecurity services market. 

Nationally, firms like FireEye, CrowdStrike, and Palo Alto have rapidly grown in recent years to service clients across public and private sectors.

Virginia serves as a key nexus for this work. The Commonwealth has more than 650 cybersecurity companies in its borders, the most per capita in the country, according to the CyberVA Commission. Virginia-based cybersecurity professionals span private companies, universities, the nonprofit sector, and the United States defense and intelligence communities. Consumer website Comparitech recently listed Virginia as the top state in the country for information security jobs.

It’s not just companies and government agencies. FS-ISAC — the global cyber intelligence-sharing organization for the financial sector — is headquartered in Fairfax County. The nonprofit Global Resilience Federation that connects many cyber intelligence-sharing communities, and which grew out of FS-ISAC, is also based in Fairfax County; its members span five continents and numerous critical industries.

“Virginia is uniquely positioned to facilitate and host collaboration between the federal government and industry,” said Ernie Magnotti, chief information security officer at Leonardo DRS. “Government and industry need to get better at aligning in the fight. Virginia is the place where that alignment is happening.”

Fostering Cyber Talent

Flashy new cyber defense technologies, however, mean little without humans to manage and improve them — and without personnel focusing their time and talents on the constant battle of maintaining strong cybersecurity. In short, none of this works in the absence of cyber talent.

(ISC)², a membership association of certified cybersecurity professionals, estimated that cybersecurity industry growth would create 4 million unfilled jobs around the world by 2022. This high demand and low supply persist in the United States — a full-on talent shortage.

Government agencies, companies, universities, and nonprofits are moving to close this gap. Investing in the cybersecurity talent pipeline can yield large payoffs for employers who need the skills; universities, conversely, can send graduates into well-paying jobs in a growing field. Not to mention that investing in the future cyber workforce helps boost the economy and protect citizens, companies, and the country. The Information Systems Security Association and the analysis firm Enterprise Strategy Group found in a 2017 report that the cyber skills shortage was exacerbating the data breach problem: There weren’t enough cybersecurity staff, and non-cybersecurity staff weren’t adequately trained.

As universities across the country launch their own cybersecurity and cybersecurity policy programs – from smaller community colleges to large research universities – so have those in Virginia. The Commonwealth created the Tech Talent Investment Program, a $2 billion initiative to double the number of graduates in computer science and related fields.

Today, the University of Virginia offers numerous cybersecurity classes. Its undergraduate cyber team also won its third National College Cyber Defense Competition in 2020, sponsored by Raytheon. George Mason University launched a new cybersecurity engineering department that same year, and the University of Richmond has continued offering its online cybersecurity boot camp through the COVID-19 pandemic.

“As a growing tech hub and the seat of much of the U.S. government’s military and intelligence presence, the Commonwealth is uniquely positioned to improve cybersecurity by fostering businesses that can make the internet a safer place through public-private partnerships and workforce exchanges,” Maruyama said.

Building a Cyber-Resistant Future

Investment in cybersecurity is only growing. Crunchbase reports that venture capital investors poured nearly $8 billion into cybersecurity deals globally in 2020, with U.S. companies receiving over 76% of that funding.

The Biden administration, meanwhile, has already asked Congress for a $10 billion commitment in spending on civilian cybersecurity programs. $750 million of that, for instance, would go toward “lessons learned” from the SolarWinds hack. Members of the Cyberspace Solarium Commission recommend hundreds of millions be spent on the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security.

All told, connectivity is increasing, and threats along with it — but so is public and private investment in a more secure, resilient digital future.

“We’ve seen a lot of bad news about the state of the internet and cybersecurity, but I want to remind people that the internet can also be a force for economic, social, and political growth,” Maruyama said.

Cybersecurity threats will never go away. Nor will the broad economic, social, and national security risks of online connectivity. But the many benefits, opportunities, and potential futures offered by new technologies — from smart health devices to cloud computing — mean cybersecurity will continue to be an increasingly critical part of building a safer digital world.
