The U.S. has been growing weaker on cybersecurity for decades.

Reports of the hacking for corporations have dominated headlines every week, with one of the more recent bombshells being the cyberattack on the credit reporting agency Equifax, resulting in the loss of sensitive personal information of 143 million Americans. Other notable hacks include those of Adobe, Yahoo, eBay, and Anthem. Organizations such as WikiLeaks and Shadow Brokers as well as foreign nations have also engaged in theft from government agencies. Institutional systems have additionally been ravaged by ransomware exploits like WannaCry, Petya, and HeartBleed, with a generally poor recuperation.

So what does all this mean? For starters, it means that American taxpayers’ dollars and corporate funds are spent on repairing the damage inflicted by cyberattacks, with limited funding for security enhancement. The costs of cybercrime in the U.S. are estimated at around $100 billion each year, and for the global economy an additional $350 billion. Because insurance companies in the U.S. are relatively unprepared for the escalating crisis, and because the damage extends to critical infrastructure, the economic damage affects everyone.

Poor cybersecurity policy has also bled sensitive information on millions of American citizens for years. A trend in the theft of medical data — including insurance information, Social Security numbers, addresses, and email addresses — appeared in a string of health care companies being hit between 2016 and 2017; the stolen information can be used to purchase expensive services, drugs, and medical devices. Implantable medical devices themselves, such as pacemakers, are easily hackable, as many operate on old firmware. Financial data, including identification, account info, and credit reports, has also frequently been leaked by financial institutions, with banks remaining top targets. With a lack of proper oversight by company leadership, as well as the shocking outdated nature of user interfaces, more cyberattacks are bound to happen.

Many of the cyber risks the U.S. faces every day are fixable, however — but government efforts are needed. To achieve effect, these efforts need to be unified and firm, which can be achieved through federal law. Congress must pass legislation requiring security breaches involving personal data to be reported, providing resources for tighter enforcement of consumer data dissemination rules and report time limits. The U.S. government should also make a greater effort to work with corporations over malware protection and removable media policies, and to enact universally standard security measures and network design rules. The education of consumers and the adoption of new cyber tools should also be incentivized — Americans must know how to identify exploits, integrate malware detection, and generally ramp up their personal cybersecurity. Finally, the U.S. government must pivot toward the private sector to end the shortage of cybersecurity professionals, and subsidize the education of professional hackers, analysts, and others to promote a safer, more secure future.

The cybersecurity of American consumers and corporations should not be politicized. We live in an increasingly connected world, and protecting our networks is necessary if our country is to move forward. It is our collective duty to secure our property and information, and we must do this by promoting strong governance; only then can we rebuild our trust in the future of the cyber world.


Vignesh Subramanian is a sophomore at Wilton High School and a member of the Wilton Model Congress.