Rebecca Zisser / Axios

Endgame's chief social scientist Andrea Limbago breaks down the most critical cybersecurity issues threatening both the U.S. and the world today. From Russian meddling in the U.S. election, to the global WannaCry ransomeware attack, Limbago says we need to start getting serious — fast — about implementing stronger cyber policies and protections, before a catastrophic attack causes irreparable damage.

The broad view: Limbago is adamant that the size and scale of future cyber attacks will only intensify, but she's confident there are defenses that can be built, as long as society accepts the fact that more sophisticated and targeted attacks are coming. "We can't pretend it's not out there anymore," said Limbago. "We need our policies to step up to the modern reality."

Most security experts say you should "assume you will get hacked" — that it's inevitable. But what can companies do in place of that? Both from a user policy perspective and in regard to tech precautions?

Cyber security issues have been around longer than we give them credit for, and we really should have more policies in place by now. For the private sector, you can assume that you're going to be under attack, I think that's a safe assumption and we've seen that, but that does not mean you should throw your hands up in the air and just give up. They need to start taking the defensive aspect (such as education and installing protective software) much more seriously, and I don't think that's really happened yet.

As for the policy side, we haven't really gotten anywhere. For instance, the executive order that just came out. What we really need right now is an integrated policy. John McCain has been very vocal about this and I tend to agree with his point on cyber policy. We're kind of still running around without any guidance in that area, and that's why there has been zero sign of deterrence so far.

Do think Trump's cyber executive order has put a dent in the work that needs to be done in regard to cyber security?

The EO should've been more, it's kind of vanilla. There is nothing terribly provocative about it. On the one hand it's good because you have a proposal that finally starts to prioritize cyber security... but we're at the point where incremental assessments aren't what we need. We need more of a paradigm shift, and that's where policy can come in, as well as integration into larger, strategic outlooks.

What will it take for individuals, organizations, and the government to really get serious about cyber?

I wish I was more optimistic on this, but I do think it will take a pretty big attack. I almost feel that WannaCry was a testing ground... one theory is that that's actually what it was, a test to see how people would respond and how widespread it would be. Not that that's true, but if it were, it worked. You saw how organizations responded, how unprepared so many were. The US generally got off pretty light on that, so we were lucky, but just imagine if WannaCry had hit the US really hard, if it had hit our hospitals really hard.

At the end of the day, even though WannaCry made the 24-hour news cycle, it quickly peered off again. So, I think it would have to take something really large, something truly impacting the US. I hope it doesn't come to that, but honestly I don't see that happening right now.

Are consumers losing trust in some of the digital platforms they rely on so much?

I think that they're losing trust but I'm not sure it's changing their behavior. I think the public is less inclined to trust both the government to protect their data, but also increasingly now some of the big companies like Google and Facebook that actually own the data. I still think there's going to be a divide between the tech-savvy, the people who just really get it, and those who don't. I also think a lot of people think that even if they were to stop sharing so much, the data is out there already... so they just give up.

What's your biggest takeaway from the recent attacks we've seen? What should we learn from them?

On the one hand, there's been an appropriate focus on Russia, and that needs to continue. But with what Russia is doing, it's important to keep in mind that those kind of tactics and techniques are available to other actors as well. It's not just the Russians we need to watch any more. While our policies, some of which are 30 years old, were made to counter one threat, our response should not be to just solely focus on the Russia threat, but learn lessons on what they have done. Other actors — we saw it with WannaCry — are going to take their approaches to achieve whatever their own objectives are.

Go deeper

Dan Primack, author of Pro Rata
23 mins ago - Economy & Business

White House pushes to uphold TikTok ban

Illustration: Aïda Amer/Axios

The U.S. Department of Justice on Friday filed legal opposition to TikTok's request to delay a ban on downloading the app, with a judge expected to rule before the ban is set to go into effect Sunday.

Why it matters: The White House could have simply postponed the ban on its own for another week or two, as it did last Friday. This move suggests it's seeking to use the ban as leverage in ongoing negotiations.

36 mins ago - Podcasts

Substack and the future of media

Traditional media models, and even some of the digital ones, are either under pressure or outright broken. Some journalists have responded by going out on their own, leveraging a new group of startups that help them self-publish and monetize their work.

Axios Re:Cap digs in with Chris Best, CEO of Substack, which has more than 250,000 paying subscribers on its writer network.

Updated 45 mins ago - Politics & Policy

In photos: Ruth Bader Ginsburg lies in state at Capitol

A bipartisan group of female lawmakers line the steps of the Capitol as Ginsburg's casket is carried to a hearse. Photo: Jose Luis Magana/AFP via Getty Images

The late Supreme Court Justice Ruth Bader Ginsburg laid in state at the Capitol on Friday, the first woman and the first Jewish person to receive such an honor.

Driving the news: After a ceremony in National Statuary Hall, Ginsburg's casket was carried down the building's steps — flanked by a group of bipartisan female lawmakers for a final farewell.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!