Has Cyber Security’s “Sputnik Moment” Finally Arrived?

When the Soviet Union sent Sputnik, the world's first artificial satellite into low-Earth orbit in 1957, it galvanized the U.S. into action, launching a race to space and the moon in the 1960s, and laying the foundation for the information age in the 1990s.

That generational technology revolution was waged in the heat and shadow of a Cold War that locked the U.S. and U.S.S.R. in a competition for geo-political and military supremacy. Following the Second World War, Americans took their technological superiority as a given, but Sputnik was America’s wake-up call – the Soviets were a serious, determined technological rival.

With the turn of the century, the world transitioned from the information to the internet age, and the race for technological supremacy was being run more in commercial arenas. This was also the time of Y2K and fears of a “Cyber Pearl Harbor” following the attacks on 9/11, when “cyber-security” became not just a word, but an emerging industry. Strangely, despite two decades of high-profile data breaches and threats to our critical infrastructure, it’s only recently that the U.S. government and the private sector are together taking a “Sputnik moment” approach to cyber security. The present-day Sputnik: ransomware.

Yes, ransomware attacks have been around for a long time. What’s different: the frequency and reach of these attacks are invading and disrupting our day-to-day lives. Ransomware attacks have shut down public transportation, oil pipelines, and even hospitals. Additionally, this year, the scope of the attacks has grown even more. The May attack against Colonial Pipeline, one of the nation’s biggest fuel pipelines, led to a shutdown of the company’s fuel distribution operations, leading to gas shortages across the eastern U.S. A few months later, hundreds of companies fell victim when ransomware attackers compromised a software supplier called Kaseya, using it as a jumping off point to extort the company's customers. 

What’s made these and similar attacks a collective Sputnik is how they have sparked a change in the general public’s attitude toward ransomware. Before the pandemic, ransomware wasn’t a topic that most people heard or talked about. Today, it's part of our daily vocabulary. The Colonial attacks showed us in a very personal way how a ransomware attack could trigger widespread disruptions.  And this wasn’t exclusive to the United States. 

Attacks such as the one against Ireland’s national health service, the Health Service Executive, also showed us how ransomware attacks and demands for money could be both life-changing and life-threatening. As with Sputnik, these incidents have become a wake-up call for policymakers. In this hyper-connected economy, there is no sector nor infrastructure that is immune to an attack.

In fact, engagement by both the legislative and executive branches is being powered by a shared sense of bipartisan urgency. There’s eagerness among legislators to pursue solutions, and a commitment among key leaders in the Administration to engage in a “whole of government” approach across agencies at all levels of government – federal, state, and local – and between government and the private sector. Whether this heightened sense of purpose will translate into new laws and regulations is unclear. What is clear is the shift in focus and shared purpose. 

From our perspective at Broadcom Software, the growing bipartisan consensus to take strong action to shore up our nation’s cyber security can only be a net positive. We’ve already seen Congress this year provide substantial investments targeted at improving cyber resiliency across government, most recently in the bipartisan infrastructure package that just became law. The House and Senate are also close to an agreement on measures that would enforce more rigorous threat incident reporting. That would be a very welcome step to promote the sharing of information about looming cyber threats, especially when organizations fall victim to attacks (something they often prefer not to publicize).

The Biden Administration, through its Executive Order earlier this year, is taking a comprehensive and collaborative approach with the private sector to improve software supply chains and architectures, and overall cyber resilience, while key federal agencies ranging from the Cyber Security and Infrastructure Security Agency to the National Institute of Standards and Technology, are working closely with security professionals across all sectors of the economy to turn the tide against ransomware.

As someone who has been immersed in technology policy over three decades, I can attest that this is a different era with a different set of circumstances. This debate wouldn’t have reached so deeply into the corridors of power in Washington were it not for the impact that ransomware is having on all Americans, and the organizations that matter in their everyday lives, notably schools, hospitals, and where they work. 

Ever since man took to the skies, American scientists knew that the U.S. ultimately would be involved in a race for space. But it wasn't until Sputnik that science fiction became national action. My hunch is that future historians, looking back to understand when and why the U.S. turned a corner on cyber security, will view ransomware in a similar way.