Cyber-attacks continue to rear their ugly head as a major security threat to American infrastructure. Private- and public-sector entities alike are finding themselves victims of security breaches and data swipes. Hackers can come from anywhere – inside or outside the United States – and their goals can vary. Some are after state or industrial secrets, while others are after that valuable 21st-Century commodity, customer data. Still more hackers simply want to cause chaos, disrupting commerce and peoples’ lives for cheap thrills. But since cyber-attacks are launched against government and the private sector alike, they must work together to combat these digital threats to real-world institutions.
One cyber-incursion against the government was recently revealed in a report issued by the Government Accountability Office (GAO). Specifically, the target was HealthCare.gov, the website set up to handle the federal health insurance exchange under the Affordable Care Act. While no data was stolen, several individuals were able to use the website – as well as the dedicated phone service – to set up accounts and obtain insurance using falsified information. According to a Washington Post report about the incident, they specifically used “invalid or missing Social Security numbers or inaccurate citizenship information” and still made it past the screening process.
The bad news is, of course, that these would-be insurance fraudsters were not stopped initially. It is painfully obvious that more stringent security measures must be taken as the government continues to work out the kinks of the healthcare exchange site. Further, this overwhelming breach of security demonstrates that the government is not capable of insuring cyber safety on its own and must act to engage the private sector in to create better security online. There may be some initial embarrassment after the release of this GAO report, but hopefully that will be trumped by the lessons learned as the government beefs up their online security apparatus and looks to the private sector for help.
Public-private cybersecurity partnerships are most ideal, because the private sector also has significant work to do to combat cyber threats – and the financial services industry faces some of the most serious risk. Treasury Secretary Jack Lew recently announced that American financial institutions have been hit with 250 “distributed denial-of-service” (DDOS) cyber-attacks since 2011. Lew’s sobering assessment was part of a push to get the government and business worlds to better cooperate in identifying and fighting the digital marauders who prey on both. To that end, the Department of the Treasury is establishing the Financial Sector Cyber Intelligence Group to facilitate greater information-sharing on cyber threats between businesses and the government.
Another group working to strengthen public-private partnerships is the Security Innovation Network (SINET). Founded by former Secret Service official Robert Rodriguez, SINET connects cybersecurity leaders in the business and government spheres in order to launch the next wave of innovation to help protect America’s digital assets. Working with the Department of Homeland Security Science & Technology Directorate, SINET provides key leadership and strategic advice as the public and private sectors continue to work together to achieve their common goal.
It’s disturbing to see that individuals can fraudulently obtain federally subsidized health insurance from a government website, and equally disturbing that banks and their customers suffer from malicious DDOS attacks. Both signal very real dangers faced by our nation. But our greatest chance to prevail against America’s digital enemies lies in greater cooperation between business and government. Government offices like the Financial Sector Cyber Intelligence Group and outside organizations like Security Innovation Network are working hard to make it easier to do just that. By working together, a more secure digital future is possible.
Ortiz is a principal at Crane & Crane Consulting, an adviser on public policy and regulations for a D.C.-based global law firm, an investor in cybersecurity technologies and services, and recently spoke on the Cybersecurity Landscape panel hosted by the U.S. Securities and Exchange Commission (SEC)