Evolving cybersecurity for the modern age

ADVERTISEMENT
Glaring indicators that America's cybersecurity infrastructure is deeply flawed are all too common. The press regularly reports on security breaches in federal systems that could compromise incredibly sensitive data and operations.
 
Hackers regularly go after sensitive government information -- and the rate of attacks is increasing. As Defense Secretary Leon Panetta himself said in a speech this past summer: "We continue to experience cyber attacks every day -- it is, without question, a battlefield of the future."
 
Of course, the cyber threat extends well beyond the public sector. The global marketplace demands that American businesses grow increasingly interconnected. They can't afford to be completely self-contained.
 
Virtualization, outsourcing -- these are vital tools for modern commerce. But using them necessarily makes companies more vulnerable to cyber intrusions. Since 2011, there have been a whopping 855 data breaches involving American companies. On average, each breach cost $5.5 million.
 
Successful breaches of large infrastructure firms -- like electricity, water, and gas providers -- can hugely handicap commerce. The National Security Agency estimates that the annual rate of cyber attacks on American infrastructure jumped seventeen-fold between 2009 and 2011.
 
This shouldn't be surprising. Electronic information plays an increasingly vital role in running American society. And technological innovation has fueled evolution in cyber warfare techniques.
 
There's "spear phishing," in which hackers send disguised emails to workers convincing them to hand over confidential information. Hackers have also started using social media and spam blasts to entice people to download malicious code or reveal important passwords.
 
As cyber warfare techniques evolve, so must cyber defenses. Of course, preventative measures need to be a priority. This includes: testing software vulnerability; auditing hardware suppliers; and equipping employees with best practices to protect sensitive information.
 
But preventative measures alone aren't sufficient. In the modern technology environment, breaches are essentially an inevitability, particularly for large, globally connected institutions.
 
That's why preventative measures need to be paired with programs to withstand data disruption and avoid major problems in the event of a breach. Cyberresiliency is the ability to maintain operations through a cyber attack, recover, and then develop new defense techniques based on previous breaches.
 
Toward this end, the government needs to work in partnership with the private sector to develop new tools aimed at countering increasingly sophisticated cybersecurity threats.
 
One such initiative is the "morphinator," a joint public-private project between Raytheon and the U.S. Army scheduled for full implementation in 2014. Modern hackers typically do reconnaissance on a targeted network before striking, chiefly to determine its vulnerabilities. The morphinator system creates a moving target -- it regularly changes a network's IP address to keep hackers on their toes and undermine such reconnaissance work.
 
There need to be many more projects like this. Cyber warriors threaten the very foundations of our society. The public and private sectors need to join forces and evolve cyber defenses quickly to counteract this mounting threat.
 
Snyder is the vice president of Cyber Programs at Raytheon Company.