Stop the Shenanigans: A Broken System, Deadly Consequences, and the Need for Real Change, Now!
By Dr. Chase Cunningham
January 11, 2025
The United States is losing the cyber war and will continue to lose. For years, adversaries have exploited the growing weaknesses in our systems, excessive legal failures, bureaucratic shenanigans, and lack of expertise on this critical topic on Capitol Hill and in the White House, and today, the consequences are not only financial but lethal. Americans have now died as a direct result of cyberattacks, and our leadership—spanning multiple administrations—has failed to act with the urgency and authority the crisis demands. Hospitals have been ransomed, schools are under siege, and the critical infrastructure supporting children and families remains increasingly vulnerable. While we comply with outdated rules, invest in proven failed technologies, and add to our bureaucratic red tape, our adversaries innovate. The time for half-measures and performative posturing has come and gone.
It is long past time for bold and decisive leadership to dismantle the broken system and build a functional one.
We Are Still Failing, Despite Billions Invested
Cyber preparedness, response, and governance failures have marked the past decade. Despite billions poured into new agencies, new compliance frameworks, policies, and initiatives, the United States still needs to prepare to deter and mitigate cyber threats. Our enemies exploit the sluggishness of bureaucratic processes and outdated systems while we drown in compliance checklists and regulatory paperwork that do little to secure our networks. Worse, there is no apparent empowered singular authority for national cyber operations, no decisive leadership vehicles that can effectively oversee offensive or defensive efforts. We have plenty of lawmakers and thinkers, but those individuals are hamstrung at best and unable (or unwilling) to leverage their authority to make a difference at worst.
We are still grappling with the same systemic weaknesses that allowed catastrophic breaches, like the SolarWinds attack in 2020 and the Colonial Pipeline ransomware incident in 2021. Those breaches, while devastating, were merely warnings. Today, cyber actors have moved beyond disrupting businesses and are attacking the most vulnerable parts of our society: hospitals, schools, and critical infrastructure. And unlike in the past, the consequences are increasingly fatal.
Let me repeat it: Americans are dying via cyber attacks!
In 2024, it is estimated that 87 American lives were lost due to cyberattacks and ransomware on hospitals across the nation. Those ransomware groups crippled a hospital's systems, forcing delays in treatment that led to tragedy. This should have been a national wake-up call that galvanized leadership to action. Instead, it barely registered in the headlines. Hospitals are increasingly targeted by cybercriminals seeking to profit from chaos, and healthcare professionals are forced to navigate outages that threaten lives.
These attacks are not theoretical or anomalous. They are part of a clear and escalating trend.
The crisis is not confined to hospitals. Schools have become a prime target for cybercriminals exploiting underfunded IT systems and overburdened administrators. Ransomware attacks on school districts have surged, disrupting education and exposing sensitive student information to the dark web. Attacks on schools jeopardize not just student safety but the foundation of our future—the next generation of Americans' digital lives and security are being stolen one hack at a time. Yet our governance systems have failed to prioritize protecting these essential services, leaving children and families in harm's way.
A Broken System Best Serves Our Adversaries Not Americans
While cyberattacks grow more sophisticated, our response must be revised in bureaucracy. Federal agencies, private entities, and local governments operate in silos, following compliance frameworks designed for a bygone era where checklists meant something, but those checklists mean little, if anything, in today's cyber first world. This fragmented approach leaves gaps for adversaries to exploit and needs a coherent strategy for defense or retaliation. Worse, the compliance-driven culture has created a false sense of security—as though completing a checklist is a substitute for resilience. It is not, period.
Meanwhile, our adversaries—both nation-states and criminal organizations—move with speed and agility. They are not burdened by audits or bureaucratic oversight. They are laser-focused on exploiting our weakest points, leveraging everything from ransomware to disinformation campaigns to destabilize our systems. The U.S. cannot continue to fight this war with outdated tools and processes. We need bold reform, transparent leadership, and national unity to recognize that cybersecurity is not a niche issue but a matter of life and death.
The Need for National Leadership
We need a singular authority to oversee national cyber operations—one empowered to act decisively against threats, streamline our fragmented efforts, and enforce standards that work. We have border czars, economy czars, and others who are solely focused and empowered to act within their one area of expertise, yet we have no cyber czar who can act on this critical topic. Cybersecurity cannot be relegated to compliance checklists or regional initiatives; it must be treated as a top national security priority. President Trump and the new administration have a unique opportunity to address what past leadership has failed to fix: the absence of a cohesive, national strategy for cybersecurity.
To lead effectively, we must move beyond the broken culture of compliance. Investments must focus on outcomes, not checkboxes or VC dollar reward schemes. This means modernizing critical infrastructure, employing a new generation of cyber professionals, fostering real public-private partnerships that encourage innovation rather than stifling it with red tape, and eliminating and optimizing our monolithic failed agency structures that ingest tax dollars but yield little outcome. It also means swiftly defending our most vulnerable institutions: hospitals, schools, and infrastructure that support American families. Every delay, every failure to act, strengthens our adversaries and weakens our nation.
Action is needed, not more talk and certainly not more regulations on an already hamstrung industry.
This is All Fixable
The United States has always been at its best in meeting new threats with bold action and visionary leadership. Cyber threats should be no different. The consequences of inaction are now deadly, and the time for complacency and unyielding expense has run out. We cannot allow another hospital to be held hostage, another school to be breached, or another American life to be lost because we failed to prioritize cybersecurity.
To President Trump and the new administration: we need decisive change and a willingness to break the status quo. Americans deserve to be protected from cyber threats, and anything less than a full commitment to reform is unacceptable.
The old system has failed. It is time to build a new one that works before it is too late. Your new administration takes office on January 20, we could have effective cyber change moving forward on the 21st of January.
The entirety of this problem is addressable and technical controls and solutions exist to enable the actions we need collectively.
Please don’t let another American die because of a lack of technical understanding or a failure to employ an effective cybersecurity strategy.
References
Cyberattacks and Healthcare: Ransomware attacks are increasingly targeting hospitals, delaying treatment, and endangering lives, as evidenced by documented delays in chemotherapy and emergency care (Kanter et al., 2021). Additionally, ransomware attacks can lead to fatalities during critical emergencies, particularly in untargeted hospitals impacted by adjacent cyberattacks (Pham et al., 2024).
Schools and Infrastructure Under Siege: Schools face heightened risks as ransomware attacks have surged, exploiting outdated systems and overworked staff (Hijji & Alam, 2021). These attacks disrupt education and expose sensitive student data to cybercriminals.
Critical Infrastructure: Cyberattacks on critical infrastructure, such as energy systems and pipelines, highlight vulnerabilities in outdated bureaucratic processes and interdependencies (Watney, 2022).
Bureaucracy and Compliance Failures: Existing regulations, such as HIPAA, remain outdated and ill-equipped to address advanced threats from ransomware and state-sponsored hackers (Kanter et al., 2021).
Economic and Human Consequences: Cyber disruptions can have cascading impacts, with ransomware crippling healthcare systems, costing billions, and contributing to excess deaths (Portela et al., 2022).
Urgency for National Leadership: The interconnectedness of healthcare and critical infrastructure demands a unified national strategy to address emerging threats and secure essential services (Simu & Zaman, 2023).
About the Author
Dr. Chase Cunningham primarily guides client initiatives related to Zero Trust strategies, security operations center (SOC) planning and optimization, counter-threat operations, encryption, network security, and strategic concepts and implementation. He helps senior technology executives with their plans to leverage comprehensive security controls and the use of a variety of standards, frameworks, and tools to enable secure business operations. Dr. Cunningham focuses on integrating security into operations; leveraging advanced security solutions; empowering operations through artificial intelligence and machine learning; and planning for future growth within secure systems.
Previous Experience: Chase served as a director of cyber threat intelligence operations at Armor. He was the computer network exploitation lead for Telecommunication Systems and the chief of cyber analytics for Decisive Analytics. Dr. Cunningham is a retired U.S. Navy Chief with more than 20 years’ experience in cyber forensic and cyber analytic operations. He has past operations experience, stemming from time spent in work centers within the NSA and other government agencies. In those roles, he helped clients operationalize security controls; install and leverage encryption and analytic systems; and grow and optimize their security operations command systems and centers. He is also the creator of the Zero Trust eXtended Ecosystem framework that has been a guide for the global ZT movement.
Chase holds a Ph.D. and M.S. in computer science from Colorado Technical University and a B.S. from American Military University focused on counter-terrorism operations in cyberspace. He is the host of the DrZeroTrust podcast on Spotify, an author of numerous books including Cyberwarfare: Truth, Tactics, and Strategies, and petition starter for Augmenting our cybersecurity strategy for National infrastructure.