Vulnerabilities in US Defense Could Lead to Major Breach in Two Years, Says Black Hat Survey

After Russians used techniques such as spearphishing emails and troll farms to inundate social media and influence the 2016 US election, concerns that the 2020 election is up for similar compromise are increasing. US intelligence and officials from the Democratic party are concerned that “Donald Trump and a powerful Senate ally are downplaying these concerns and not doing enough to thwart interfering,” according to The Guardian.

“Russia would be remiss not to try again, given how successful they were in 2016,” said Steven Hall, former member of CIA Senior Intelligence Service.

Upcoming US elections and critical infrastructure security were among heated discussion topics at Black Hat USA 2019. According to 40 percent of Black Hat USA’s 2019 survey respondents, “large nation-states” are the number one threat that US critical infrastructures will have to fight. When specifically asked about the US election, more than 60 percent expect Kremlin-supported hackers will compromise voting machines to influence the outcome. 77 percent expect a critical attack on US critical infrastructure to succeed in the next two years, up 10 percent since 2018.

US elections and critical infrastructures face imminent compromise partially due to “a lack of coordination between US government entities and private industry” as well as a dearth of IT security professionals. These factors were named the most significant risks by 16 percent, and 15 percent of respondents, respectively.

“It’s not my own organization’s cybersecurity that is problematic to me,” wrote one respondent. “It’s the US government and infrastructure, and major US and large multinational corporations, which are vulnerable to nation-state attackers and [advanced persistent threats]. By far, the biggest concern is the utilities and utility suppliers, such as [those that provide] power and water.”

65 percent of security experts are concerned their organization will suffer a disastrous data breach within a year, while in 2018 the same survey found that only 59 percent shared this concern. 

“I believe that government and private industry are adequately prepared to respond to a major breach of US critical infrastructure,” believe 21 percent of respondents.

The research report says 66 percent of professionals have too few security-savvy employees to handle security incidents, leaving them feeling hopeless and without proper protection for their organizations. Companies struggle to secure the right staff and financial resources to fight sophisticated cyberattacks and emerging threats amid employee burnout. As per the Black Hat survey, four in 10 security professionals show higher levels of anxiety, depression and addiction.