|
 |
 |
|
Evolving cybersecurity for the modern age
-
10/04/12 09:00 AM ET
Today, a major cybersecurity summit is occurring in nation's capital. The all-star list of attendees includes Gen. Keith Alexander, director of the National Security Agency, Retired Gen. Michael Hayden, former director of both the NSA and Central Intelligence Agency, and former Homeland Security Secretary Gov. Tom Ridge. The roster also includes a number of technology leaders from the business community.
This event couldn't come at a better time. In both the public and private sectors, cybersecurity is seriously underfunded. There needs to be renewed focus on evolving the country's defenses to ward off hackers, with particular emphasis put on improving cyberresiliency -- that is, the ability not only to prevent breaches, but to withstand and recover from them when they do inevitably occur.
Hackers regularly go after sensitive government information -- and the rate of attacks is increasing. As Defense Secretary Leon Panetta himself said in a speech this past summer: "We continue to experience cyber attacks every day -- it is, without question, a battlefield of the future."
Of course, the cyber threat extends well beyond the public sector. The global marketplace demands that American businesses grow increasingly interconnected. They can't afford to be completely self-contained.
Virtualization, outsourcing -- these are vital tools for modern commerce. But using them necessarily makes companies more vulnerable to cyber intrusions. Since 2011, there have been a whopping 855 data breaches involving American companies. On average, each breach cost $5.5 million.
Successful breaches of large infrastructure firms -- like electricity, water, and gas providers -- can hugely handicap commerce. The National Security Agency estimates that the annual rate of cyber attacks on American infrastructure jumped seventeen-fold between 2009 and 2011.
This shouldn't be surprising. Electronic information plays an increasingly vital role in running American society. And technological innovation has fueled evolution in cyber warfare techniques.
There's "spear phishing," in which hackers send disguised emails to workers convincing them to hand over confidential information. Hackers have also started using social media and spam blasts to entice people to download malicious code or reveal important passwords.
As cyber warfare techniques evolve, so must cyber defenses. Of course, preventative measures need to be a priority. This includes: testing software vulnerability; auditing hardware suppliers; and equipping employees with best practices to protect sensitive information.
But preventative measures alone aren't sufficient. In the modern technology environment, breaches are essentially an inevitability, particularly for large, globally connected institutions.
That's why preventative measures need to be paired with programs to withstand data disruption and avoid major problems in the event of a breach. Cyberresiliency is the ability to maintain operations through a cyber attack, recover, and then develop new defense techniques based on previous breaches.
Toward this end, the government needs to work in partnership with the private sector to develop new tools aimed at countering increasingly sophisticated cybersecurity threats.
One such initiative is the "morphinator," a joint public-private project between Raytheon and the U.S. Army scheduled for full implementation in 2014. Modern hackers typically do reconnaissance on a targeted network before striking, chiefly to determine its vulnerabilities. The morphinator system creates a moving target -- it regularly changes a network's IP address to keep hackers on their toes and undermine such reconnaissance work.
There need to be many more projects like this. Cyber warriors threaten the very foundations of our society. The public and private sectors need to join forces and evolve cyber defenses quickly to counteract this mounting threat.
Snyder is the vice president of Cyber Programs at Raytheon Company.
Most Viewed RSS Feed »
