Another Cybersecurity Awareness Month is winding down, and as we gather around our digital campfires to recount the valiant tales of hackers, ransomware, and government incompetence, nothing says “cyber progress” quite like the reality that we’re one phishing email away from losing our Social Security numbers, our Netflix passwords, and — worst of all — our dignity.

In this election year, we find ourselves at a thrilling crossroads: will the direction of cybersecurity — and, to a lesser extent, the legislative future of artificial intelligence as Apple Intelligence is set to be released this month — hinge on who sits in the Oval Office come January 2025?  You bet it will.

But let’s not kid ourselves: America’s not exactly riding high in the cyber-saddle at the moment.  If we’re going to lead the world in cyber-defense, then maybe, just maybe, we should stop treating it like an afterthought at the Department of Homeland Security (DHS), which is rapidly becoming the DMV of federal departments.

Enter Alejandro Mayorkas, the embattled head honcho at DHS, who has overseen — let’s be real — the not so grand disintegration of the American southern border.  This is a man so effective in his role that if the border were any more open, we’d be offering concierge services to smugglers.  Under his watch, not only has the border situation deteriorated, but CISA (the Cybersecurity and Infrastructure Security Agency) — a subdivision of DHS — has been floundering like a teenager trying to understand a Y2K meme.

Speaking of CISA, let’s pour one out for Jen Easterly, the agency’s current head, who has been tasked with implementing the administration’s brilliant plan to Align Operational Cybersecurity Priorities for Federal Agencies.  I know what you’re thinking: aligning priorities sounds harmless enough.  But when “aligning priorities” includes complicated jargon to disguise a half-baked strategy that may accidentally gift-wrap our systems for hackers, well, we might want to be a bit more skeptical.

But no worries!  Previous reports indicate that the Biden administration has a crack plan to solve the problem: they’re aiming to hire 500,000 new cyber professionals with a “Diversity, Inclusion, and Equity” (DIE) hiring initiative.  Because, you know, when you’re trying to fend off Russian hackers or stop a North Korean Advanced Persistent Threat (APT) group, it’s crucial to make sure your task force has an appropriate mix of yoga enthusiasts and interpretive dancers.

If the 2024 election swings in favor of Trump, we’ll see the rapid ousting of both Mayorkas and Easterly.  Rumor has it that Trump has some real “cyber warriors“ waiting in the wings to take over CISA.  What’s important here is that they’d come with a different playbook, one that’s less about diversity quotas and more about practical solutions, such as possibly knowing how to set up two-factor authentication.  Revolutionary, I know.

Names like Joshua Steinman, Trump’s former cyber adviser, and Matthew Pottinger, his onetime deputy national security adviser, are being thrown around as possible successors to Easterly.  What do these folks have in common?  Well, they’re part of a more hawkish cyber school of thought, which we could use right now, given the current state of cyber-threats from China, Russia, Iran, and everyone’s favorite digital gremlin: North Korea.

These aren’t just ordinary hackers.  These are government-sponsored APT groups that come with the backing of the world’s most nefarious regimes.  You know, the kind that can get into your network and set up shop as if they own the place.

In a heroic attempt to prevent foreign actors from rummaging through our digital attics, the U.S. Department of Justice (DOJ) recently rolled out new rules aimed at curbing access to sensitive data for countries like China, Russia, and Iran.  These rules are designed to prevent bulk data exploitation for purposes like espionage, cyber-attacks, and good old-fashioned blackmail.  About time, right?  Now, if only we had the ability to stop the state-sponsored actors already launching ransomware attacks from their cushy headquarters in Moscow.

But it’s not only government systems that are under constant attack.  No, the vast majority of cyber-attacks still target the little guys, meaning you and me, so let’s not forget that LockBit ransomware is still running wild, while sneaky trojan horse malware like POWER Rat is lurking in the shadows.  Our adversaries are becoming more sophisticated by the day, and our defenses?  Well, let’s just say there’s room for improvement.

Meanwhile, one of the most critical cyber issues that popped up this month, the CVE-2024-43573 vulnerability, has made international headlines for its ability to hide in networks, waiting to spring on the unsuspecting I.T. department that forgot to apply the latest patch and poses immediate danger across virtually all sectors.  It’s a vulnerability so pervasive that you’d almost think we were trying to make hackers’ lives easier.  But hey, at least we’re aligning our operational priorities, right?

As we careen toward November 2024, it’s clear that the cybersecurity future of the country will be shaped by this election.  Will we continue to lurch forward with a DIE-driven cyber hiring plan, hoping that diverse but possibly underqualified candidates can hold the line against state-sponsored cyber-armies?  Or will we see a pivot to a more pragmatic approach, focusing on actual cybersecurity skills and strategies, should Trump return to the Oval Office?  One thing’s for sure: if we don’t get our act together soon, we won’t be leading the world in cybersecurity — we’ll be handing it over to our adversaries, one ransomware attack at a time.

So, as we close another Cybersecurity Awareness Month, let’s take this time to reflect, laugh, and possibly cry a little as we face the hard truths of our cyber-failures.  Because if history is any guide, the hackers are always a few steps ahead, and we’re just trying to keep up.

Julio Rivera is a business and political strategist, cybersecurity researcher, founder of ItFunk.Org, and a political commentator and columnist.  His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.

Image via FreePik.