America's Cyber Crisis: A Broken System, Deadly Consequences, and the Need for Real Change

The United States is losing the cyber war and will continue to lose without urgent decisive action. For years, adversaries have exploited the growing weaknesses in our systems, excessive legal failures, bureaucratic shenanigans, and lack of expertise on this critical topic on Capitol Hill and in the White House, and today, the consequences are not only financial but lethal. Americans have now died as a direct result of cyberattacks, and our leadership—spanning multiple administrations—has failed to act with the urgency and authority the crisis demands. Hospitals have been ransomed, schools are under siege, and the critical infrastructure supporting children and families remains increasingly vulnerable. While we comply with outdated rules, invest in proven failed technologies, and add to our bureaucratic red tape, our adversaries innovate. The time for half-measures and performative posturing has come and gone.

It is long past time for bold and decisive leadership to dismantle the broken system and build a working one.

Cyber Failures Are Mounting

Cyber preparedness, response, and governance failures have marked the past decade. Despite billions poured into new agencies, new compliance frameworks, policies, and initiatives, the United States still needs to prepare to deter and mitigate cyber threats. Our enemies exploit the sluggishness of bureaucratic processes and outdated systems while we drown in compliance checklists and regulatory paperwork that do little to secure our networks. Worse, there is no apparent authority for national cyber operations, no decisive leadership that can effectively oversee offensive or defensive efforts.  We have plenty of lawmakers and thinkers, but those individuals are hamstrung and unable (or unwilling) to leverage their authority to make a difference.

We are still grappling with the same systemic weaknesses that allowed catastrophic breaches, like the SolarWinds attack in 2020 and the Colonial Pipeline ransomware incident in 2021. Those breaches, while devastating, were merely warnings. Today, cyber actors have moved beyond disrupting businesses and are attacking the most vulnerable parts of our society: hospitals, schools, and critical infrastructure. And unlike in the past, the consequences are increasingly fatal.

Let me repeat it: Americans are dying via cyber attacks!

In 2024, it is estimated that 87 American lives were lost due to cyberattacks and ransomware on hospitals across the nation. Those ransomware groups crippled a hospital's systems, forcing delays in treatment that led to tragedy. This should have been a national wake-up call that galvanized leadership to action. Instead, it barely registered in the headlines. Hospitals are increasingly targeted by cybercriminals seeking to profit from chaos, and healthcare professionals are forced to navigate outages that threaten lives. 

These attacks are not theoretical or anomalous. They are part of a clear and escalating trend.

The crisis is not confined to hospitals. Schools have become a prime target for cybercriminals exploiting underfunded IT systems and overburdened administrators. Ransomware attacks on school districts have surged, disrupting education and exposing sensitive student information to the dark web. Attacks on schools jeopardize not just student safety but the foundation of our future—the next generation of Americans' digital lives and security are being stolen one hack at a time. Yet our governance systems have failed to prioritize protecting these essential services, leaving children and families in harm's way.

A Broken System Serves Our Adversaries

While cyberattacks grow more sophisticated, our response must be revised in bureaucracy. Federal agencies, private entities, and local governments operate in silos, following compliance frameworks designed for a bygone era where checklists meant something, but those checklists mean little, if anything, in today's cyber first world. This fragmented approach leaves gaps for adversaries to exploit and needs a coherent strategy for defense or retaliation. Worse, the compliance-driven culture has created a false sense of security—as though completing a checklist is a substitute for resilience.  It is not, period.

Meanwhile, our adversaries—both nation-states and criminal organizations—move with speed and agility. They are not burdened by audits or bureaucratic oversight. They are laser-focused on exploiting our weakest points, leveraging everything from ransomware to disinformation campaigns to destabilize our systems. The United States cannot continue to fight this war with outdated tools and processes. We need bold reform, transparent leadership, and national unity to recognize that cybersecurity is not a niche issue but a matter of life and death.

The Need for National Leadership

We need a singular authority to oversee national cyber operations—one empowered to act decisively against threats, streamline our fragmented efforts, and enforce standards that work. We have border czars, economy czars, and others who are solely focused and empowered to act within their one area of expertise, yet we have no cyber czar who can act on this critical topic.  Cybersecurity cannot be relegated to compliance checklists or regional initiatives; it must be treated as a top national security priority. President Trump and the new administration have a unique opportunity to address what past leadership has failed to fix: the absence of a cohesive, national strategy for cybersecurity.

To lead effectively, we must move beyond the broken culture of compliance. Investments must focus on outcomes, not checkboxes or VC dollar reward schemes. This means modernizing critical infrastructure, training a new generation of cyber professionals, fostering real public-private partnerships that encourage innovation rather than stifling it with red tape, and eliminating and optimizing our monolithic failed agency structures that ingest tax dollars but yield little outcome. It also means swiftly defending our most vulnerable institutions: hospitals, schools, and infrastructure that support American families. Every delay, every failure to act, strengthens our adversaries and weakens our nation.

Sadly, we have appointed senior officials in the White House that have been “tasked” with doing the work we need, but they have been hamstrung and rendered marginally effective by excessive bureaucracy and a failure of understanding and drive from those above them in the chain of command.  Why appoint and employ these seasoned veterans of the industry if they will simply be used as figure heads rather than as empowered leaders in our national mission?

A Plea for Action

The United States has always been at its best in meeting new threats with bold action and visionary leadership. Cyber threats should be no different. The consequences of inaction are now deadly, and the time for complacency and unyielding expense has run out. We cannot allow another hospital to be held hostage, another school to be breached, or another American life to be lost because we failed to prioritize cybersecurity.

To President Trump and the new administration: we need decisive change and a willingness to break the status quo. Americans deserve to be protected from cyber threats, and anything less than a full commitment to reform is unacceptable. 

The old system has failed. It is time to build a new one that works before it is too late.  Your new administration took office on January 20 and we could have effective cyber change soon after that.  

Please don’t let another American die because of a lack of technical understanding or a failure to employ an effective cybersecurity strategy.

References

• Cyberattacks and Healthcare: Ransomware attacks are increasingly targeting hospitals, delaying treatment, and endangering lives, as evidenced by documented delays in chemotherapy and emergency care (Kanter et al., 2021). Additionally, ransomware attacks can lead to fatalities during critical emergencies, particularly in untargeted hospitals impacted by adjacent cyberattacks (Pham et al., 2024).

• Schools and Infrastructure Under Siege: Schools face heightened risks as ransomware attacks have surged, exploiting outdated systems and overworked staff (Hijji & Alam, 2021). These attacks disrupt education and expose sensitive student data to cybercriminals.

• Critical Infrastructure: Cyberattacks on critical infrastructure, such as energy systems and pipelines, highlight vulnerabilities in outdated bureaucratic processes and interdependencies (Watney, 2022).

• Bureaucracy and Compliance Failures: Existing regulations, such as HIPAA, remain outdated and ill-equipped to address advanced threats from ransomware and state-sponsored hackers (Kanter et al., 2021).

• Economic and Human Consequences: Cyber disruptions can have cascading impacts, with ransomware crippling healthcare systems, costing billions, and contributing to excess deaths (Portela et al., 2022).

• Urgency for National Leadership: The interconnectedness of healthcare and critical infrastructure demands a unified national strategy to address emerging threats and secure essential services (Simu & Zaman, 2023).

Magazine Home | About CYBER | Author Guide | Masthead | Archive Articles